httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Pasher <just...@newmediagateway.com>
Subject Re: [users@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms
Date Tue, 15 Dec 2009 19:26:21 GMT
Fran├žois Beaune wrote:
> Hello,
>
> I have a setup where Apache 2.2.3 is serving a large SVN 
> repository with WebDAV over HTTPS (using basic authentication).
>
> Everything is working correctly;  I would simply like to force usage 
> of faster cipher algorithms (trading some security in favor of speed) 
> than what seems to be allowed right now (for instance, AES 256 is used 
> when I connect with Firefox).

[snip]

> As an experiment, I have tried that (at the virtual host level):
>
>         SSLProtocol all -SSLv2
>         SSLHonorCipherOrder on
>         SSLCipherSuite ALL:!ADH:+RC4+RSA:!HIGH:!LOW:!EXP:!NULL

I noticed that your VirtualHost container doesn't actually contain the 
SSLCipherSuite directive. Are you defining that somewhere else, such as 
in the global config scope? Double check to make sure that it's being 
defined globally as opposed to being wrapped inside another container 
object.

Also, you can use this script to check which ciphers are supported by 
your site.

http://www.lazorsoftware.com/lazorsoft/files/openssl_check.sh

-- 
Justin Pasher

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message