httpd-dev mailing list archives

From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: Cipher suite used in default Apache
Date Fri, 29 Oct 2010 05:53:06 GMT
On 10/28/2010 4:42 PM, Eric Covener wrote:
> On Thu, Oct 28, 2010 at 5:30 PM, smu johnson <smujohnson@gmail.com> wrote:
> 
>> I managed to get OpenSSL 0.9.8g and Apache/2.2.12 working together, but I
>> never defined what cipher rules I want to allow.
>> Unfortunately, I cannot figure out a single way for apache2ctl to tell me
>> what ciphers apache is using.
> 
> The default SSLCipherSuite is in the manual
> 
>>  Not what it supports, but what it is
>> currently allowing when clients use https://.
> 
> The manual recommends testing your SSLCipherSuite with the openssl
> command line utility.
> 
> You could open an enhancement bugzilla entry to allow a config test or
> trace method to make the openssl calls to provide this info.

A debug emit at startup would be appropriate... had come across this in the
context of FIPS... when giving a cipher list with non-FIPS ciphers, those are
silently ignored (as are all unrecognized cipher patterns).  A debug startup
message after we set the cipher suite which retrieves the effective cipher
list would be most helpful to admins in troubleshooting the typos in their
list.
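
The check discussed in this thread, sketched outside httpd as an added example (not code from mod_ssl or from anyone in the thread): Python's `ssl` module hands the cipher string to OpenSSL and can read back the effective list, which makes silently ignored tokens visible. The function names and the sample strings are assumptions made for illustration.

```python
import re
import ssl


def effective_ciphers(spec):
    """Return the cipher names OpenSSL actually enables for `spec`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError only if the whole string selects nothing;
    # individual unrecognized tokens are dropped without any error.
    ctx.set_ciphers(spec)
    # On OpenSSL 1.1.1 and later the TLS 1.3 suites are listed too,
    # because this cipher string does not control them.
    return [c["name"] for c in ctx.get_ciphers()]


def dead_tokens(spec):
    """Return the tokens of `spec` that select no cipher in this OpenSSL build."""
    dead = []
    for token in filter(None, re.split(r"[:,; ]+", spec)):
        if token.startswith("@"):
            continue  # @STRENGTH, @SECLEVEL=n are commands, not selectors
        bare = token.lstrip("!+-")  # test the pattern without its operator
        try:
            effective_ciphers(bare)
        except ssl.SSLError:
            dead.append(token)  # typo, or a cipher this build does not offer
    return dead


if __name__ == "__main__":
    # Constructed sample: "HIHG" is a deliberate typo for "HIGH".
    sample = "HIGH:HIHG:@STRENGTH"
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    print("tokens matching nothing:", dead_tokens(sample))
    for name in effective_ciphers(sample):
        print("  enabled:", name)
```

A token flagged here is either misspelled or names ciphers the local OpenSSL build does not provide; run it against the same OpenSSL that httpd links to for the result to apply to the server.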


