httpd-users mailing list archives

From chetan jain <cpjai...@gmail.com>
Subject Re: [users@httpd] How to different SSLProtocol for each of the conf files
Date Tue, 25 Jul 2017 10:21:40 GMT
Thanks for the reply, Luca.

So I shall be listing all the possible IP:port in the virtualhost.conf file
instead of just *:443 and that should make this work.

Let me try this out.

--Chetan

On Tue, Jul 25, 2017 at 6:16 AM, Luca Toscano <toscano.luca@gmail.com>
wrote:

> As Eric pointed out earlier on:
>
> > The file names don't matter very much. What matters is whether they
> > are separate IP:PORT based vhosts. If they're not, they can't have
> > separate SSL configurations.
>
> In all files you have <VirtualHost *:443> and you use a different
> ServerName to differentiate. I am not a big expert but I believe that what
> Eric is saying is that if you want to use a different SSL configuration on
> one VirtualHost you can with the constraint that the IP:PORT (stated in
> <VirtualHost IP:PORT>) is unique and not used in another VirtualHost block.
>
> Luca
>
> 2017-07-25 12:01 GMT+02:00 chetan jain <cpjain26@gmail.com>:
>
>> Hi Luca,
>>
>> I have uploaded the content :
>>
>> https://apaste.info/t5ez
>>
>> Please review.
>>
>> --Chetan
>>
>> On Tue, Jul 25, 2017 at 4:17 AM, Luca Toscano <toscano.luca@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> we'd need to get your vhost configuration before helping further on, as
>>> Eric mentioned you have probably some overlapping but it is very difficult
>>> to debug only from your description. If you can put your configuration in
>>> https://apaste.info/ it would be great, otherwise I'd suggest to reach
>>> out to the folks in #httpd (IRC Freenode) to get some live help.
>>>
>>> Luca
>>>
>>>
>>> 2017-07-25 6:45 GMT+02:00 chetan jain <cpjain26@gmail.com>:
>>>
>>>> Hi All,
>>>>
>>>> Any more input on this?
>>>>
>>>> --Chetan
>>>>
>>>> On 21 Jul 2017 10:40 p.m., "chetan jain" <cpjain26@gmail.com> wrote:
>>>>
>>>>> Hi Eric,
>>>>>
>>>>> Thanks for the reply.
>>>>> We have a different server alias for each of the hosts. It does get
>>>>> honoured; that is how requests go to the correct sites.
>>>>>
>>>>> It's just that something with the SSLProtocol, I read somewhere after
>>>>> googling that SSLProtocol are taken from the first virtual host which is
>>>>> loaded and the rest are ignored, trying to seek confirmation if that is
>>>>> correct...and what can be done to achieve the needful
>>>>>
>>>>> On 21 Jul 2017 5:09 p.m., "Eric Covener" <covener@gmail.com> wrote:
>>>>>
>>>>>> On Fri, Jul 21, 2017 at 2:37 AM, chetan jain <cpjain26@gmail.com>
>>>>>> wrote:
>>>>>> > Hi All,
>>>>>> >
>>>>>> > We have an Apache WebServer (2.2.15) setup on CentOS 6 where in
>>>>>> > httpd.conf we have included conf.d/*.conf files which have
>>>>>> > configuration for all the virtual hosts.
>>>>>> >
>>>>>> > In conf.d we have a respective .conf file for each of the virtual
>>>>>> > hosts like:
>>>>>> >
>>>>>> > abc_com.conf for abc.com
>>>>>> > xyz_com.conf for xyz.com
>>>>>> >
>>>>>> > etc
>>>>>> >
>>>>>> > Now I want to disable the TLSv1.0 and SSLv3 requests only for one of
>>>>>> > these virtual hosts, but even if I put the values like:
>>>>>> >
>>>>>> > SSLProtocol ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
>>>>>> >
>>>>>> > in the xyz_com.conf file, TLSv1.0 and 1.1 are still enabled for xyz.com
>>>>>> >
>>>>>> > To disable it, I have to put the same value in the abc_com.conf file as
>>>>>> > well, then only it gets disabled for xyz.com as well (even if I remove
>>>>>> > the parameter from xyz_com.conf, in that case it is still disabled)
>>>>>> >
>>>>>> > Can't we have different SSLProtocol for different virtual hosts?
>>>>>> >
>>>>>> > I can not disable it for all the websites, have to do it for only one
>>>>>> > of them, how can I achieve this?
>>>>>>
>>>>>> The file names don't matter very much. What matters is whether they
>>>>>> are separate IP:PORT based vhosts. If they're not, they can't have
>>>>>> separate SSL configurations.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Eric Covener
>>>>>> covener@gmail.com
>>>>>>
>>>>>>
>>>>>>
>>>
>>
>
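
Added example (not part of the thread and not code from any of the posters): a small Python check for the condition Eric and Luca describe, VirtualHost blocks that share one IP:PORT yet carry different SSLProtocol settings. The sample configuration is constructed, 192.0.2.x are documentation addresses, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the thread: two name-based vhosts on *:443,
# plus one vhost on its own IP:PORT (192.0.2.10 is a documentation address).
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName abc.com
</VirtualHost>
<VirtualHost *:443>
    ServerName xyz.com
    SSLProtocol ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName example.net
    SSLProtocol ALL -SSLv3 -SSLv2
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directive(body, name):
    """Return the last value of a directive in a vhost body, or None."""
    hits = re.findall(rf"^\s*{name}\s+(.+?)\s*$", body, re.I | re.M)
    return hits[-1] if hits else None

def parse_vhosts(conf):
    """Yield (address, ServerName, SSLProtocol) for every VirtualHost block."""
    conf = re.sub(r"^\s*#.*$", "", conf, flags=re.M)  # drop comment lines
    for addrs, body in VHOST_RE.findall(conf):
        for addr in addrs.split():  # a block may list several addresses
            yield addr, directive(body, "ServerName"), directive(body, "SSLProtocol")

def conflicting_groups(conf):
    """Map each shared address to its vhosts when their SSLProtocol values differ."""
    groups = defaultdict(list)
    for addr, name, proto in parse_vhosts(conf):
        groups[addr].append((name, proto))
    return {a: v for a, v in groups.items()
            if len(v) > 1 and len({p for _, p in v}) > 1}

if __name__ == "__main__":
    for addr, vhosts in conflicting_groups(SAMPLE_CONF).items():
        print(f"{addr}: vhosts share this address but differ in SSLProtocol")
        for name, proto in vhosts:
            print(f"  {name}: {proto or '(not set)'}")
```

To audit a real server, pass the concatenated contents of httpd.conf and the conf.d/*.conf files to conflicting_groups(); Include directives are not followed by this example.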
