You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/04/12 14:59:44 UTC
[Bug 60739] SSLProtocol settings seem to have no effect
https://bz.apache.org/bugzilla/show_bug.cgi?id=60739
--- Comment #28 from Dirk <di...@testssl.sh> ---
I have a similar problem with Ubuntu 18.04 (Apache 2.4.39 + openssl 1.1.0g) and
it maybe sheds some light into this.
Protocol is always
SSLProtocol -All +TLSv1.2
SSLCipherSuite
1)
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256
2)
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256
Diff is ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-SHA,
DHE-RSA-AES128-GCM-SHA256.
I played a bit around with those three (using testssl.sh) and looked to me when
I enable ECDHE-RSA-AES128-SHA I have TLS 1.0 + 1.1. Which seems strange to me
but it's is what I found.
What is going on here?
Dirk
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org