httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] SSLProtocol vs SSLCipherSuite
Date Tue, 18 Aug 2009 14:41:21 GMT
On Tue, Aug 18, 2009 at 10:36 AM,
Capstone<capstone@capstone-solutions.net> wrote:
> I may not have been clear on my question so I am reposting, hopefully in a
> more clear manner,... I apologize if this is bad practice.
>
> I would like clarification as to whether the SSLProtocol directive is
> absolutely necessary when trying to achieve the highest level of security
> when configuring Apache.
>
> Can the SSLCipherSuite directive overwrite what is designated in the
> SSLProtocol directive?
>
> For example:
>
> SSLProtocol SSLv2
>
> SSLCipherSuite TLSv1:SSLv3:+HIGH:+MEDIUM:!LOW:!NULL

Try it and see?

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message