httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Capstone <capst...@capstone-solutions.net>
Subject Re: [users@httpd] SSLProtocol vs SSLCipherSuite
Date Tue, 18 Aug 2009 14:36:08 GMT
I may not have been clear on my question so I am reposting, hopefully  
in a more clear manner,... I apologize if this is bad practice.

I would like clarification as to whether the SSLProtocol directive is  
absolutely necessary when trying to achieve the highest level of  
security when configuring Apache.

Can the SSLCipherSuite directive overwrite what is designated in the  
SSLProtocol directive?

For example:

SSLProtocol SSLv2

SSLCipherSuite TLSv1:SSLv3:+HIGH:+MEDIUM:!LOW:!NULL


Would the SSLCipherSuite directive above prevent SSLv2 from being used?

Thanks in advance.



On Jul 27, 2009, at 9:02 AM, Capstone wrote:

> I guess I may be confused as to the relationship between these to  
> directives in the Apache 2 httpd.conf file.
>
> Specifically,  will SSLCipherSuite directive take precedence over  
> the SSLProtocol directive?
>
> For Example;
>
> If I have omitted the SSLProtocol directive entirely. But I have  
> something like this in my SSLCipherSuite directive,
>
> SSLCipherSuite TLSv1:SSLv3:+HIGH:+MEDIUM:!LOW:!NULL
>
> Does this not allow any SSLv2 traffic to my server?
>
> Any info or help is greatly appreciated.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server  
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message