httpd-dev mailing list archives

From "William A. Rowe Jr."
Subject Re: Cipher suite used in default Apache
Date Fri, 29 Oct 2010 05:53:06 GMT
On 10/28/2010 4:42 PM, Eric Covener wrote:
> On Thu, Oct 28, 2010 at 5:30 PM, smu johnson wrote:
>> I managed to get OpenSSL 0.9.8g and Apache/2.2.12 working together, but I
>> never defined what cipher rules I want to allow.
>> Unfortunately, I cannot figure out a single way for apache2ctl to tell me
>> what ciphers apache is using.
> The default SSLCipherSuite is in the manual
>> Not what it supports, but what it is
>> currently allowing when clients use https://.
> The manual recommends testing your SSLCipherSuite with the openssl
> command line utility.
> You could open an enhancement bugzilla entry to allow a config test or
> trace method to make the openssl calls to provide this info.

A debug emit at startup would be appropriate... had come across this in the
context of FIPS... when giving a cipher list with non-FIPS ciphers, those are
silently ignored (as are all unrecognized cipher patterns).  A debug startup
message after we set the cipher suite which retrieves the effective cipher
list would be most helpful to admins in troubleshooting the typos in their

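The check discussed in this thread, as an added example that is not part of the original message or of httpd: it asks OpenSSL for the effective cipher list of a cipher string and reports each rule that selects nothing and would therefore be dropped without an error. It assumes Python's `ssl` module is linked against the same OpenSSL build as the server; the function names and the sample string are constructed for illustration.

```python
import re
import ssl

# Constructed sample: two deliberate typos ("HIHG", "AES256-SAH") among valid rules.
SAMPLE = "ECDHE-RSA-AES128-GCM-SHA256:HIHG:!AES256-SAH:@STRENGTH:AES256-SHA"


def _selects_any(rule):
    """True if OpenSSL accepts `rule` on its own and it selects at least one cipher."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(rule)
    except ssl.SSLError:  # raised as "No cipher can be selected."
        return False
    return True


def unmatched_tokens(cipher_string):
    """Return the rules that select nothing in this OpenSSL build.

    Inside the full string these rules are dropped without any error.
    """
    dead = []
    for token in re.split(r"[:,; ]+", cipher_string.strip()):
        if not token or token.startswith("@"):  # @STRENGTH etc. are commands
            continue
        # Test the bare name so that "!X", "-X" and "+X" typos are caught too.
        name = token[1:] if token[0] in "!+-" else token
        if not _selects_any(name):
            dead.append(token)
    return dead


def effective_ciphers(cipher_string):
    """Cipher names left after OpenSSL parses the string ([] if none remain)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    # TLS 1.3 suites are set through a separate OpenSSL call; leave them out.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    print("effective:", effective_ciphers(SAMPLE))
    print("silently ignored:", unmatched_tokens(SAMPLE))
```

A rule is also reported when it is spelled correctly but the build has no matching cipher, which is the same silent-drop case as the non-FIPS ciphers mentioned above.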