httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [users@httpd] How to different SSLProtocol for each of the conf files
Date Tue, 25 Jul 2017 08:17:05 GMT
Hi,

we'd need to get your vhost configuration before helping further on, as
Eric mentioned you have probably some overlapping but it is very difficult
to debug only from your description. If you can put your configuration in
https://apaste.info/ it would be great, otherwise I'd suggest to reach out
to the folks in #httpd (IRC Freenode) to get some live help.

Luca


2017-07-25 6:45 GMT+02:00 chetan jain <cpjain26@gmail.com>:

> Hi All,
>
> Any more input on this?
>
> --Chetan
>
> On 21 Jul 2017 10:40 p.m., "chetan jain" <cpjain26@gmail.com> wrote:
>
>> Hi Eric,
>>
>> Thanks for the reply.
>> We have a different server alias for each of the host, It does get
>> honoured that is how requests go to correct sites.
>>
>> It's just that something with the SSLProtocol, i read somewhere after
>> googling that SSLProtocol are taken from the first virtual host which is
>> loaded and rest are ignored, trying to seek confirmation if that is
>> correct...and what can be done to achieve the needful
>>
>> On 21 Jul 2017 5:09 p.m., "Eric Covener" <covener@gmail.com> wrote:
>>
>>> On Fri, Jul 21, 2017 at 2:37 AM, chetan jain <cpjain26@gmail.com> wrote:
>>> > Hi All,
>>> >
>>> > We have an Apache WebServer (2.2.15) setup on CentOS 6 where in
>>> httpd,conf
>>> > we have included conf.d/*.conf files which has configuration for all
>>> the
>>> > virtual hosts.
>>> >
>>> > In conf.d we have respective .conf file for each of the virtual hosts
>>> like :
>>> >
>>> > abc_com.conf for abc.com
>>> > xyz_com.conf for xyz.com
>>> >
>>> > etc
>>> >
>>> > now I want to disable the TLSv1.0 and SSLv3 request only for one of
>>> this
>>> > virtual hosts, but even if i put the values like :
>>> >
>>> > SSLProtocol           ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1  in
>>> xyz_com.conf
>>> > file TLSv1.0 and 1.1 are still enabled for xyz.com
>>> >
>>> > to disable it, I have to put the same value in abc_com.conf file as
>>> well,
>>> > then only it get disabled for xyz.com as well (even if i remove the
>>> paramter
>>> > from xyz_com.conf in that case it is still disabled)
>>> >
>>> > can't we have different SSLProtocol for different virtual hosts?
>>> >
>>> > I can not disable it for all the websites, have to do it for only one
>>> of
>>> > them, how can i achieve this?
>>>
>>> The file names don't matter very much. What matters is whether they
>>> are separate IP:PORT based vhosts. If they're not, they can't have
>>> separate SSL configurations.
>>>
>>>
>>> --
>>> Eric Covener
>>> covener@gmail.com
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>

Mime
View raw message