You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by bu...@apache.org on 2011/10/05 04:51:20 UTC
DO NOT REPLY [Bug 51958] New: mod_ssl documentation is confusing re.
SSLCipherSuite Directive
https://issues.apache.org/bugzilla/show_bug.cgi?id=51958
Bug #: 51958
Summary: mod_ssl documentation is confusing re. SSLCipherSuite
Directive
Product: Apache httpd-2
Version: 2.2-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: Documentation
AssignedTo: docs@httpd.apache.org
ReportedBy: advax@triumf.ca
Classification: Unclassified
In the Apache documentation
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite
there is an example:
$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
...
Using this command on Linux, the NULL ciphers are suppressed so that NULL-SHA
is not listed.
The page also states:
The default cipher-spec string is
``ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'' which means the following:
first, remove from consideration any ciphers that do not authenticate, ...
Next, use ciphers using RC4 and RSA. "
I interpret this to mean that ciphers using RC4 are first in the list. But in
fact, these ciphers are already included in ALL, and are not first. The
presence of RC4+RSA in the cipher string has no effect at all.
using openssl-0.9.8e on RHEL5.2
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
DO NOT REPLY [Bug 51958] mod_ssl documentation is confusing re.
SSLCipherSuite Directive
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51958
--- Comment #1 from Igor Galić <i....@brainsware.org> 2012-04-03 08:38:19 UTC ---
That particular part of the documentation is ca 10 years old. Might be time to
update it.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
DO NOT REPLY [Bug 51958] mod_ssl documentation is confusing re.
SSLCipherSuite Directive
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51958
--- Comment #3 from Igor Galić <i....@brainsware.org> 2012-04-10 21:11:42 UTC ---
Created attachment 28572
--> https://issues.apache.org/bugzilla/attachment.cgi?id=28572
proposed patch for very outdated SSLCipherSuite doc
use pquerna's CipherSuite as example. Explain what it does.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
DO NOT REPLY [Bug 51958] mod_ssl documentation is confusing re.
SSLCipherSuite Directive
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51958
Igor Galić <i....@brainsware.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #4 from Igor Galić <i....@brainsware.org> 2012-04-11 11:30:55 UTC ---
r1324707
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
DO NOT REPLY [Bug 51958] mod_ssl documentation is confusing re.
SSLCipherSuite Directive
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51958
--- Comment #2 from Igor Galić <i....@brainsware.org> 2012-04-10 20:46:18 UTC ---
I just realized that the discussion we had in #httpd-dev hasn't been transfered
over here.
Let's see if I can remotely remember it:
The docs on this are 10 y/o. Back then, OpenSSL 0.9.6e was new and hot. Since
then the behaviour of this output has changed, a lot.
We should replace the output with what a current version of OpenSSL provides,
so as not to confuse people.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
DO NOT REPLY [Bug 51958] mod_ssl documentation is confusing re.
SSLCipherSuite Directive
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51958
Igor Galić <i....@brainsware.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |PatchAvailable
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org