httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matus UHLAR - fantomas <uh...@fantomas.sk>
Subject Re: [users@httpd] SSL cipher suite modification
Date Thu, 08 Dec 2011 14:09:58 GMT
On 08.12.11 00:38, aparna Puram wrote:
>I understand from your mail that the following 2 cipher suites will work
>with the existing and the new clinet configurations.
>
>Kindly correct me if I m wrong.
>
>1-->!ADH:!EXPORT56:DES-CBC-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>2-->!ADH:!MD5:DES-CBC-SHA:RC4+RSA:+HIGH:+MEDIUM
>
>However the first cipher suite contains MD5, which is not preferable due to
>security reasons.

you disallow md5 due to security reasons, but allow null,export and low 
ciphers? :-)

I use DEFAULT:!EXP:!LOW and I hope that's enough. you can excloude MD5 
from those but I'd like to see your "security" reasons, due to 
paragraph above.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message