httpd-users mailing list archives

From David Hubbard <dhubb...@dino.hostasaurus.com>
Subject [users@httpd] SSLCipherSuite not disabling export ciphers?
Date Thu, 04 Dec 2008 08:40:29 GMT

Can someone tell me if the SSLCipherSuite directive has
any known issues with not fully adhering to what it is
given?  I've been trying to make a server PCI compliant
by disabling all weak SSL ciphers and whatever I try is
not disabling the export grade ciphers.  I'm using:

SSLCipherSuite HIGH:MEDIUM

yet even after doing that, these six continue to work fine
when I test them:

EDH-RSA-DES-CBC-SHA       56 bit
DES-CBC-SHA               56 bit
EXP-EDH-RSA-DES-CBC-SHA   40 bit
EXP-DES-CBC-SHA           40 bit
EXP-RC2-CBC-MD5           40 bit
EXP-RC4-MD5               40 bit

I've altered my directive to have !EXP and even to have
each of those six ciphers above explicitly excluded yet
they remain enabled.

Thanks,

David

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
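
One way to check what a cipher string such as HIGH:MEDIUM expands to in the local OpenSSL, independently of Apache, is to pipe `openssl ciphers -v` output through a filter that flags export-grade and short-key suites. This is an added example, not part of the original message; the sample lines are constructed, and the 128-bit threshold and the file name `audit_ciphers.py` are assumptions.

```python
import re
import sys

# Constructed sample in the `openssl ciphers -v` output format (not captured
# from the poster's server): the six suites named in the post plus two
# stronger ones for contrast.
SAMPLE = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""

# Matches Enc=AES(256) as well as Enc=None (NULL suites carry no bit count).
ENC = re.compile(r"Enc=([^\s(]+)(?:\((\d+)\))?")


def parse_line(line):
    """Return (name, bits, export) for one `openssl ciphers -v` line, or None."""
    fields = line.split()
    match = ENC.search(line)
    if len(fields) < 5 or not match:
        return None
    bits = int(match.group(2)) if match.group(2) else 0  # Enc=None -> 0 bits
    return fields[0], bits, fields[-1] == "export"


def weak_ciphers(text, min_bits=128):
    """List (name, bits, reason) for suites that are export grade or below min_bits."""
    weak = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, bits, export = parsed
        if export:
            weak.append((name, bits, "export"))
        elif bits < min_bits:
            weak.append((name, bits, "short key"))
    return weak


if __name__ == "__main__":
    # Usage: openssl ciphers -v 'HIGH:MEDIUM' | python3 audit_ciphers.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, bits, reason in weak_ciphers(text):
        print(f"{name:26} {bits:3d} bit  {reason}")
```

An empty result for the configured string, while the server still accepts these suites, indicates that the handshake is being governed by something other than that string.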

