You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Qingshan Xie <xi...@yahoo.com> on 2005/11/13 19:12:41 UTC
[users@httpd] mod_ssl: How to change the SSLCipherSuite setup
All,
I am using Apache 2.0.54 with. The default
SSLCipherSuite is
SSLCipherSuite
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
In this CipherSuite, I observed nearly all
browsers(IE, Netscape, Firefox) select RC4. Tried to
change it to 3DES, like
SSLCipherSuite
ALL:!ADH:3DES+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
But did not work at all. Can some ones help me to
change the CipherSuite to use 3DES instead of RC4?
Many thanks, Q.Xie
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_ssl: How to change the SSLCipherSuite setup
Posted by Jérôme Tytgat <je...@asterion.fr>.
If your main quest is to harden Cipher Suite, something like
that is quite good :
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
you should remove SSLv2 as it as weakness.
Jerome
Qingshan Xie a écrit :
> I am using Apache 2.0.54 with. The default
> SSLCipherSuite is
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org