You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Fiorenzi Alessandro <a....@infogroup.it> on 2005/06/30 10:43:43 UTC

[users@httpd] AES on SSL with apache2

Hi, I have seen that some site like washington.edu if your client is
firefox use AES for SSL  encription, and other like RC4 128 for Explorer
or other browser.

How can I configure my apache to use AES?

Thanks 

Alessandro Fiorenzi



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: AES on SSL with apache2

Posted by Joost de Heer <sa...@xs4all.nl>.

Fiorenzi Alessandro said:
> Hi, I have seen that some site like washington.edu if your client is
> firefox use AES for SSL  encription, and other like RC4 128 for Explorer
> or other browser.
>
> How can I configure my apache to use AES?

Check SSLCipherSuite.

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] AES on SSL with apache2

Posted by Alexander Lazic <al...@none.at>.

Hi,

On Don 30.06.2005 11:05, Fiorenzi Alessandro wrote:
>> 
>> SSLCipherSuite
>> 
>> vor 1.3.x
>>   => http://www.modssl.org/docs/2.8/ssl_reference.html#ToC9
>> vor 2.0.x
>>   => http://httpd.apache.org/docs-2.0/mod/mod_ssl.html.en#sslciphersuite
>> 
>> Hth
>> 
>> al ;-)
>
>but no one of that regard about AES

Aehm have you read _all_ of the description?!

>From the above page:
openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'|egrep AES|wc -l
6

openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'

---
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-RC4-SHA         SSLv3 Kx=DH       Au=DSS  Enc=RC4(128)  Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5 
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
RC4-64-MD5              SSLv2 Kx=RSA      Au=RSA  Enc=RC4(64)   Mac=MD5 
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5 
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS  Enc=RC4(56)   Mac=SHA1 export
EXP1024-RC4-SHA         SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC4(56)   Mac=SHA1 export
EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS  Enc=DES(56)   Mac=SHA1 export
EXP1024-DES-CBC-SHA     SSLv3 Kx=RSA(1024) Au=RSA  Enc=DES(56)   Mac=SHA1 export
EXP1024-RC2-CBC-MD5     SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC2(56)   Mac=MD5  export
EXP1024-RC4-MD5         SSLv3 Kx=RSA(1024) Au=RSA  Enc=RC4(56)   Mac=MD5  export
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
---

Hth

al ;-)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] AES on SSL with apache2

Posted by Fiorenzi Alessandro <a....@infogroup.it>.

On Thu, 2005-06-30 at 10:54 +0200, Alexander Lazic wrote:
> Hi,
> 
> On Don 30.06.2005 10:43, Fiorenzi Alessandro wrote:
> >
> >I have seen that some site like washington.edu if your client is
> >firefox use AES for SSL encription, and other like RC4 128 for Explorer
> >or other browser.
> >
> >How can I configure my apache to use AES?
> 
> SSLCipherSuite
> 
> vor 1.3.x
>   => http://www.modssl.org/docs/2.8/ssl_reference.html#ToC9
> vor 2.0.x
>   => http://httpd.apache.org/docs-2.0/mod/mod_ssl.html.en#sslciphersuite
> 
> Hth
> 
> al ;-)

but no one of that regard about AES




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] AES on SSL with apache2

Posted by Alexander Lazic <al...@none.at>.

Hi,

On Don 30.06.2005 10:43, Fiorenzi Alessandro wrote:
>
>I have seen that some site like washington.edu if your client is
>firefox use AES for SSL encription, and other like RC4 128 for Explorer
>or other browser.
>
>How can I configure my apache to use AES?

SSLCipherSuite

vor 1.3.x
  => http://www.modssl.org/docs/2.8/ssl_reference.html#ToC9
vor 2.0.x
  => http://httpd.apache.org/docs-2.0/mod/mod_ssl.html.en#sslciphersuite

Hth

al ;-)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org