You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Kalpan S Shah <ks...@lucent.com> on 2004/03/03 17:46:03 UTC
[users@httpd] ssl.conf (SSLCipherSuite) question
Hello,
Currently we have following line in ssl.conf file
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
I like to add SHA support, can I add SHA as follows:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA+SHA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
The reason I need to add is to support SHA encrypted password in
.htusers file.
Thanks,
- Kalpan Shah
Re: [users@httpd] ssl.conf (SSLCipherSuite) question
Posted by Kalpan S Shah <ks...@lucent.com>.
Thanks a lot Brian and Ben.
I will keep looking, need to find support for SHA in .htusers file.
Thanks and Regards,
- Kalpan Shah
On 3/3/2004 7:37 PM, Brian Dessent wrote:
>>Kalpan S Shah wrote:
>>
>>
>
>
>
>>Currently we have following line in ssl.conf file
>>
>>SSLCipherSuite
>>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>
>>I like to add SHA support, can I add SHA as follows:
>>
>>SSLCipherSuite
>>ALL:!ADH:!EXPORT56:RC4+RSA+SHA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>
>>The reason I need to add is to support SHA encrypted password in
>>.htusers file.
>>
>>
>
>As far as I know, the ciphersuite used to negotiate a SSL or TLS session
>(which is what you're configuring above) has absolutely nothing to do
>with the format that passwords are stored in a .htusers file.
>
>Brian
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
Re: [users@httpd] ssl.conf (SSLCipherSuite) question
Posted by Brian Dessent <br...@dessent.net>.
> Kalpan S Shah wrote:
> Currently we have following line in ssl.conf file
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> I like to add SHA support, can I add SHA as follows:
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA+SHA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> The reason I need to add is to support SHA encrypted password in
> .htusers file.
As far as I know, the ciphersuite used to negotiate a SSL or TLS session
(which is what you're configuring above) has absolutely nothing to do
with the format that passwords are stored in a .htusers file.
Brian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] ssl.conf (SSLCipherSuite) question
Posted by Ben Yau <by...@cardcommerce.com>.
I was under the assumption that SHA was included with the "ALL" so you
wouldn't have to change the default SSLCipherSuite.
Anyone else who can confirm/clarify?
Thanks-
Ben
[byau@netmanage01 cf]$ openssl ciphers -v
'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-64-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5
DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1
export
EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1
export
EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1
export
EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1
export
EXP1024-RC2-CBC-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5
export
EXP1024-RC4-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5
export
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1
export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1
export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1
export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5
export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5
export
EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5
export
EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5
export
[byau@netmanage01 cf]$
-----Original Message-----
From: Kalpan S Shah [mailto:ksshah@lucent.com]
Sent: Wednesday, March 03, 2004 8:46 AM
To: users@httpd.apache.org
Subject: [users@httpd] ssl.conf (SSLCipherSuite) question
Hello,
Currently we have following line in ssl.conf file
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
I like to add SHA support, can I add SHA as follows:
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA+SHA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
The reason I need to add is to support SHA encrypted password in
.htusers file.
Thanks,
- Kalpan Shah