httpd-dev mailing list archives

From smu johnson <smujohn...@gmail.com>
Subject Re: Cipher suite used in default Apache
Date Fri, 29 Oct 2010 19:26:22 GMT
Not that I have much say in the matter, being new here and all, but I
definitely like the idea.

I also had another one.  How opposed would anyone be, if "apache2ctl
fullstatus" gave a bit more of this relevant cipher info that I originally
inquired about?  Seems like a good place to stick it, since it wouldn't
require one to connect to oneself to see Apache2 / mod_ssl's status data.

Somewhere near "SSL/TLS Session Cache Status:" seems like a good place.

On Thu, Oct 28, 2010 at 10:53 PM, William A. Rowe Jr. <wrowe@rowe-clan.net> wrote:

> > The manual recommends testing your SSLCipherSuite with the openssl
> > command line utility.
> >
> > You could open an enhancement bugzilla entry to allow a config test or
> > trace method to make the openssl calls to provide this info.
>
> A debug emit at startup would be appropriate... had come across this in the
> context of FIPS... when giving a cipher list with non-FIPS ciphers, those are
> silently ignored (as are all unrecognized cipher patterns).  A debug startup
> message after we set the cipher suite which retrieves the effective cipher
> list would be most helpful to admins in troubleshooting the typos in their
> list.


-- 
smu johnson <smujohnson@gmail.com>
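
Until httpd reports the effective list itself, the check discussed in this thread can be approximated with the openssl command line utility. The script below is an added example, not part of the original messages or of httpd: it tests each token of an SSLCipherSuite string on its own and prints the ones that select no cipher. Assumptions: the function name and sample string are constructed for illustration, and the `openssl` binary on PATH is the same build that mod_ssl is linked against.

```shell
#!/bin/sh
# Added example: list SSLCipherSuite tokens that select no cipher in the
# local OpenSSL build (typos, or ciphers that build does not provide).

# unmatched_cipher_tokens SPEC
# Prints each token that matches nothing, one per line.
# Returns 0 if every token matched, 1 if any did not, 2 if openssl is missing.
unmatched_cipher_tokens() {
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found in PATH" >&2
        return 2
    fi
    # OpenSSL accepts ':', ',' and space as separators in a cipher string.
    unmatched=$(printf '%s\n' "$1" | tr ' :,' '\n\n\n' |
        while IFS= read -r tok; do
            case $tok in
                ''|@*) continue ;;   # empty field, or @STRENGTH / @SECLEVEL=n
            esac
            # Drop a leading operator so "!MD5" is tested as the selector "MD5";
            # an exclusion on its own always yields an empty (failing) list.
            name=${tok#[-+!]}
            if ! openssl ciphers "$name" >/dev/null 2>&1 </dev/null; then
                printf '%s\n' "$tok"
            fi
        done)
    if [ -n "$unmatched" ]; then
        printf '%s\n' "$unmatched"
        return 1
    fi
    return 0
}

# Constructed sample value with two deliberate typos (HIHG, !aNUL).
SAMPLE='HIGH:!aNULL:!MD5:HIHG:!aNUL'
echo "Tokens matching nothing in this OpenSSL build:"
unmatched_cipher_tokens "$SAMPLE" || true
echo "Effective list for the whole string:"
openssl ciphers -v "$SAMPLE" 2>/dev/null || true
```
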
