httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [users@httpd] How to different SSLProtocol for each of the conf files
Date Tue, 25 Jul 2017 10:16:04 GMT
As Eric pointed out earlier on:

> The file names don't matter very much. What matters is whether they
> are separate IP:PORT based vhosts. If they're not, they can't have
> separate SSL configurations.

In all files you have <VirtualHost *:443> and you use a different
ServerName to differentiate. I am not a big expert but I believe that what
Eric is saying is that if you want to use a different SSL configuration on
one VirtualHost you can with the constraint that the IP:PORT (stated in
<VirtualHost IP:PORT>) is unique and not used in another VirtualHost block.

Luca

2017-07-25 12:01 GMT+02:00 chetan jain <cpjain26@gmail.com>:

> Hi Luca,
>
> I have uploaded the content :
>
> https://apaste.info/t5ez
>
> Please review.
>
> --Chetan
>
> On Tue, Jul 25, 2017 at 4:17 AM, Luca Toscano <toscano.luca@gmail.com>
> wrote:
>
>> Hi,
>>
>> we'd need to get your vhost configuration before helping further on, as
>> Eric mentioned you have probably some overlapping but it is very difficult
>> to debug only from your description. If you can put your configuration in
>> https://apaste.info/ it would be great, otherwise I'd suggest to reach
>> out to the folks in #httpd (IRC Freenode) to get some live help.
>>
>> Luca
>>
>>
>> 2017-07-25 6:45 GMT+02:00 chetan jain <cpjain26@gmail.com>:
>>
>>> Hi All,
>>>
>>> Any more input on this?
>>>
>>> --Chetan
>>>
>>> On 21 Jul 2017 10:40 p.m., "chetan jain" <cpjain26@gmail.com> wrote:
>>>
>>>> Hi Eric,
>>>>
>>>> Thanks for the reply.
>>>> We have a different server alias for each of the host, It does get
>>>> honoured that is how requests go to correct sites.
>>>>
>>>> It's just that something with the SSLProtocol, i read somewhere after
>>>> googling that SSLProtocol are taken from the first virtual host which is
>>>> loaded and rest are ignored, trying to seek confirmation if that is
>>>> correct...and what can be done to achieve the needful
>>>>
>>>> On 21 Jul 2017 5:09 p.m., "Eric Covener" <covener@gmail.com> wrote:
>>>>
>>>>> On Fri, Jul 21, 2017 at 2:37 AM, chetan jain <cpjain26@gmail.com>
>>>>> wrote:
>>>>> > Hi All,
>>>>> >
>>>>> > We have an Apache WebServer (2.2.15) setup on CentOS 6 where in
>>>>> httpd,conf
>>>>> > we have included conf.d/*.conf files which has configuration for
all
>>>>> the
>>>>> > virtual hosts.
>>>>> >
>>>>> > In conf.d we have respective .conf file for each of the virtual
>>>>> hosts like :
>>>>> >
>>>>> > abc_com.conf for abc.com
>>>>> > xyz_com.conf for xyz.com
>>>>> >
>>>>> > etc
>>>>> >
>>>>> > now I want to disable the TLSv1.0 and SSLv3 request only for one
of
>>>>> this
>>>>> > virtual hosts, but even if i put the values like :
>>>>> >
>>>>> > SSLProtocol           ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1  in
>>>>> xyz_com.conf
>>>>> > file TLSv1.0 and 1.1 are still enabled for xyz.com
>>>>> >
>>>>> > to disable it, I have to put the same value in abc_com.conf file
as
>>>>> well,
>>>>> > then only it get disabled for xyz.com as well (even if i remove
the
>>>>> paramter
>>>>> > from xyz_com.conf in that case it is still disabled)
>>>>> >
>>>>> > can't we have different SSLProtocol for different virtual hosts?
>>>>> >
>>>>> > I can not disable it for all the websites, have to do it for only
>>>>> one of
>>>>> > them, how can i achieve this?
>>>>>
>>>>> The file names don't matter very much. What matters is whether they
>>>>> are separate IP:PORT based vhosts. If they're not, they can't have
>>>>> separate SSL configurations.
>>>>>
>>>>>
>>>>> --
>>>>> Eric Covener
>>>>> covener@gmail.com
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>>
>>>>>
>>
>

Mime
View raw message