httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chetan jain <cpjai...@gmail.com>
Subject Re: [users@httpd] How to different SSLProtocol for each of the conf files
Date Tue, 25 Jul 2017 10:01:28 GMT
Hi Luca,

I have uploaded the content :

https://apaste.info/t5ez

Please review.

--Chetan

On Tue, Jul 25, 2017 at 4:17 AM, Luca Toscano <toscano.luca@gmail.com>
wrote:

> Hi,
>
> we'd need to get your vhost configuration before helping further on, as
> Eric mentioned you have probably some overlapping but it is very difficult
> to debug only from your description. If you can put your configuration in
> https://apaste.info/ it would be great, otherwise I'd suggest to reach
> out to the folks in #httpd (IRC Freenode) to get some live help.
>
> Luca
>
>
> 2017-07-25 6:45 GMT+02:00 chetan jain <cpjain26@gmail.com>:
>
>> Hi All,
>>
>> Any more input on this?
>>
>> --Chetan
>>
>> On 21 Jul 2017 10:40 p.m., "chetan jain" <cpjain26@gmail.com> wrote:
>>
>>> Hi Eric,
>>>
>>> Thanks for the reply.
>>> We have a different server alias for each of the host, It does get
>>> honoured that is how requests go to correct sites.
>>>
>>> It's just that something with the SSLProtocol, i read somewhere after
>>> googling that SSLProtocol are taken from the first virtual host which is
>>> loaded and rest are ignored, trying to seek confirmation if that is
>>> correct...and what can be done to achieve the needful
>>>
>>> On 21 Jul 2017 5:09 p.m., "Eric Covener" <covener@gmail.com> wrote:
>>>
>>>> On Fri, Jul 21, 2017 at 2:37 AM, chetan jain <cpjain26@gmail.com>
>>>> wrote:
>>>> > Hi All,
>>>> >
>>>> > We have an Apache WebServer (2.2.15) setup on CentOS 6 where in
>>>> httpd,conf
>>>> > we have included conf.d/*.conf files which has configuration for all
>>>> the
>>>> > virtual hosts.
>>>> >
>>>> > In conf.d we have respective .conf file for each of the virtual hosts
>>>> like :
>>>> >
>>>> > abc_com.conf for abc.com
>>>> > xyz_com.conf for xyz.com
>>>> >
>>>> > etc
>>>> >
>>>> > now I want to disable the TLSv1.0 and SSLv3 request only for one of
>>>> this
>>>> > virtual hosts, but even if i put the values like :
>>>> >
>>>> > SSLProtocol           ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1  in
>>>> xyz_com.conf
>>>> > file TLSv1.0 and 1.1 are still enabled for xyz.com
>>>> >
>>>> > to disable it, I have to put the same value in abc_com.conf file as
>>>> well,
>>>> > then only it get disabled for xyz.com as well (even if i remove the
>>>> paramter
>>>> > from xyz_com.conf in that case it is still disabled)
>>>> >
>>>> > can't we have different SSLProtocol for different virtual hosts?
>>>> >
>>>> > I can not disable it for all the websites, have to do it for only one
>>>> of
>>>> > them, how can i achieve this?
>>>>
>>>> The file names don't matter very much. What matters is whether they
>>>> are separate IP:PORT based vhosts. If they're not, they can't have
>>>> separate SSL configurations.
>>>>
>>>>
>>>> --
>>>> Eric Covener
>>>> covener@gmail.com
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>
>

Mime
View raw message