Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/04/12 14:59:44 UTC

[Bug 60739] SSLProtocol settings seem to have no effect

https://bz.apache.org/bugzilla/show_bug.cgi?id=60739

--- Comment #28 from Dirk <di...@testssl.sh> ---

I have a similar problem with Ubuntu 18.04 (Apache 2.4.39 + openssl 1.1.0g) and
maybe it sheds some light on this.

Protocol is always 

SSLProtocol             -All +TLSv1.2


SSLCipherSuite

1)
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256

2)
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256

Diff is ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-SHA,
DHE-RSA-AES128-GCM-SHA256.

I played around a bit with those three (using testssl.sh) and it looked to me
like when I enable ECDHE-RSA-AES128-SHA I have TLS 1.0 + 1.1. Which seems
strange to me, but it is what I found.

What is going on here?

Dirk
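
Added example, not part of the comment above or of httpd: it classifies the suites in the two lists by whether a TLS 1.0/1.1 handshake can use them at all. ECDHE-RSA-AES128-SHA is the only such suite, so a scan can only reveal TLS 1.0/1.1 being accepted when that suite is enabled. The name-based rule is an assumption that holds for explicit OpenSSL suite names like these, not for keywords such as HIGH.

```python
# Added example: which configured suites can a TLS 1.0/1.1 handshake negotiate?
# Cipher strings copied from the comment; function names are hypothetical.
LIST_1 = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256"
)
LIST_2 = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256"
)


def parse(cipher_string):
    """Split an SSLCipherSuite value into suite names, ignoring empty items."""
    return [c.strip() for c in cipher_string.split(":") if c.strip()]


def tls12_only(name):
    """AEAD suites (GCM, CHACHA20-POLY1305) and suites with a SHA256/SHA384
    MAC exist only from TLS 1.2 on; a trailing -SHA means HMAC-SHA1, which
    TLS 1.0 and 1.1 can negotiate as well."""
    return ("GCM" in name or "POLY1305" in name
            or name.endswith(("-SHA256", "-SHA384")))


def legacy_capable(cipher_string):
    """Suites that a TLS 1.0/1.1 handshake could select from this list."""
    return [c for c in parse(cipher_string) if not tls12_only(c)]


def only_in_first(a, b):
    """Suites present in list a but missing from list b, in a's order."""
    in_b = set(parse(b))
    return [c for c in parse(a) if c not in in_b]


if __name__ == "__main__":
    print("only in 1):", only_in_first(LIST_1, LIST_2))
    for label, value in (("1)", LIST_1), ("2)", LIST_2)):
        print(label, "usable below TLS 1.2:", legacy_capable(value) or "none")
```

With list 2) no suite is usable below TLS 1.2, so a scan of that configuration cannot tell whether SSLProtocol is being enforced.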
