httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chetan jain <cpjai...@gmail.com>
Subject Re: [users@httpd] How to different SSLProtocol for each of the conf files
Date Tue, 25 Jul 2017 13:50:34 GMT
I tried it with the host port combination and somehow the web page does not
come up at all, could not keep it that way for longer period to
troubleshoot it as it was being used.

--Chetan

On Tue, Jul 25, 2017 at 6:21 AM, chetan jain <cpjain26@gmail.com> wrote:

> Thanks for the Reploy Luca.
>
> so i shall be listing all the possible IP:port in the virtualhost.conf
> file instead of just *:443 and that should make this work.
>
> Let me try this out.
>
> --Chetan
>
> On Tue, Jul 25, 2017 at 6:16 AM, Luca Toscano <toscano.luca@gmail.com>
> wrote:
>
>> As Eric pointed out earlier on:
>>
>> > The file names don't matter very much. What matters is whether they
>> > are separate IP:PORT based vhosts. If they're not, they can't have
>> > separate SSL configurations.
>>
>> In all files you have <VirtualHost *:443> and you use a different
>> ServerName to differentiate. I am not a big expert but I believe that what
>> Eric is saying is that if you want to use a different SSL configuration on
>> one VirtualHost you can with the constraint that the IP:PORT (stated in
>> <VirtualHost IP:PORT>) is unique and not used in another VirtualHost block.
>>
>> Luca
>>
>> 2017-07-25 12:01 GMT+02:00 chetan jain <cpjain26@gmail.com>:
>>
>>> Hi Luca,
>>>
>>> I have uploaded the content :
>>>
>>> https://apaste.info/t5ez
>>>
>>> Please review.
>>>
>>> --Chetan
>>>
>>> On Tue, Jul 25, 2017 at 4:17 AM, Luca Toscano <toscano.luca@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> we'd need to get your vhost configuration before helping further on, as
>>>> Eric mentioned you have probably some overlapping but it is very difficult
>>>> to debug only from your description. If you can put your configuration in
>>>> https://apaste.info/ it would be great, otherwise I'd suggest to reach
>>>> out to the folks in #httpd (IRC Freenode) to get some live help.
>>>>
>>>> Luca
>>>>
>>>>
>>>> 2017-07-25 6:45 GMT+02:00 chetan jain <cpjain26@gmail.com>:
>>>>
>>>>> Hi All,
>>>>>
>>>>> Any more input on this?
>>>>>
>>>>> --Chetan
>>>>>
>>>>> On 21 Jul 2017 10:40 p.m., "chetan jain" <cpjain26@gmail.com> wrote:
>>>>>
>>>>>> Hi Eric,
>>>>>>
>>>>>> Thanks for the reply.
>>>>>> We have a different server alias for each of the host, It does get
>>>>>> honoured that is how requests go to correct sites.
>>>>>>
>>>>>> It's just that something with the SSLProtocol, i read somewhere after
>>>>>> googling that SSLProtocol are taken from the first virtual host which
is
>>>>>> loaded and rest are ignored, trying to seek confirmation if that
is
>>>>>> correct...and what can be done to achieve the needful
>>>>>>
>>>>>> On 21 Jul 2017 5:09 p.m., "Eric Covener" <covener@gmail.com>
wrote:
>>>>>>
>>>>>>> On Fri, Jul 21, 2017 at 2:37 AM, chetan jain <cpjain26@gmail.com>
>>>>>>> wrote:
>>>>>>> > Hi All,
>>>>>>> >
>>>>>>> > We have an Apache WebServer (2.2.15) setup on CentOS 6 where
in
>>>>>>> httpd,conf
>>>>>>> > we have included conf.d/*.conf files which has configuration
for
>>>>>>> all the
>>>>>>> > virtual hosts.
>>>>>>> >
>>>>>>> > In conf.d we have respective .conf file for each of the
virtual
>>>>>>> hosts like :
>>>>>>> >
>>>>>>> > abc_com.conf for abc.com
>>>>>>> > xyz_com.conf for xyz.com
>>>>>>> >
>>>>>>> > etc
>>>>>>> >
>>>>>>> > now I want to disable the TLSv1.0 and SSLv3 request only
for one
>>>>>>> of this
>>>>>>> > virtual hosts, but even if i put the values like :
>>>>>>> >
>>>>>>> > SSLProtocol           ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
 in
>>>>>>> xyz_com.conf
>>>>>>> > file TLSv1.0 and 1.1 are still enabled for xyz.com
>>>>>>> >
>>>>>>> > to disable it, I have to put the same value in abc_com.conf
file
>>>>>>> as well,
>>>>>>> > then only it get disabled for xyz.com as well (even if i
remove
>>>>>>> the paramter
>>>>>>> > from xyz_com.conf in that case it is still disabled)
>>>>>>> >
>>>>>>> > can't we have different SSLProtocol for different virtual
hosts?
>>>>>>> >
>>>>>>> > I can not disable it for all the websites, have to do it
for only
>>>>>>> one of
>>>>>>> > them, how can i achieve this?
>>>>>>>
>>>>>>> The file names don't matter very much. What matters is whether
they
>>>>>>> are separate IP:PORT based vhosts. If they're not, they can't
have
>>>>>>> separate SSL configurations.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Eric Covener
>>>>>>> covener@gmail.com
>>>>>>>
>>>>>>> ------------------------------------------------------------
>>>>>>> ---------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>>>>
>>>>>>>
>>>>
>>>
>>
>

Mime
View raw message