httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: Cipher suite used in default Apache
Date Thu, 28 Oct 2010 21:42:50 GMT
On Thu, Oct 28, 2010 at 5:30 PM, smu johnson <> wrote:

> I managed to get OpenSSL 0.9.8g and Apache/2.2.12 working together, but I
> never defined what cipher rules I want to allow.
> Unfortunately, I cannot figure out a single way for apache2ctl to tell me
> what ciphers apache is using.

The default SSLCipherSuite is in the manual

> Not what it supports, but what it is
> currently allowing when clients use https://.

The manual recommends testing your SSLCipherSuite with the openssl
command line utility.

You could open an enhancement bugzilla entry to allow a config test or
trace method to make the openssl calls to provide this info.

> Another problem I found (I'm not whining or cracking a whip), is that the
> apache2 docs don't even mention AES in them, which makes me think that the
> allowable CipherSuite stuff documented is about 10 years out of date.

I'm surprised it bothers to mention the rest instead of deferring to
openssl, but this would be a reasonable docs bug (to list it alongside

Eric Covener

View raw message