httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 51958] New: mod_ssl documentation is confusing re. SSLCipherSuite Directive
Date Wed, 05 Oct 2011 02:51:20 GMT

             Bug #: 51958
           Summary: mod_ssl documentation is confusing re. SSLCipherSuite
           Product: Apache httpd-2
           Version: 2.2-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Documentation
    Classification: Unclassified

In the Apache documentation
there is an example:

$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1

Using this command on Linux, the NULL ciphers are suppressed so that NULL-SHA
is not listed.

The page also states:

The default cipher-spec string is
``ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'' which means the following:
first, remove from consideration any ciphers that do not authenticate, ...
Next, use ciphers using RC4 and RSA. "

I interpret this to mean that ciphers using RC4 are first in the list. But in
fact, these ciphers are already included in ALL, and are not first. The
presence of RC4+RSA in the cipher string has no effect at all.

using openssl-0.9.8e on RHEL5.2

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message