You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@trafficserver.apache.org by Matthieu Decorniquet <md...@partouchetechnologies.com> on 2011/05/02 17:15:16 UTC
SSL Cipher configuration
Hello,
I have a little issue with this great piece of software we are using in
our company
We are using trafficserver as a secure frontend for an online gambling
site, players connect to it through ssl, a plugin we added does some
stuff, then the data is sent to an apache through a ssl tunnel (we're
using stunnel).
The quirk here are the ciphers permitted by trafficserver during the ssl
handshake, we need roughly the ciphers reported by 'openssl ciphers FIPS
-v', and I can't find a way to specify that in trafficserver...
On the other hand, we needed to deactivate sslv2, which was on by
default in trafficserver, and quite easy to turn off...
Any help will be gladly appreciated on the matter...
Kind regards,
--
*Matthieu Decorniquet
**Partouche Technologies
Groupe Partouche Interactive***
Re: SSL Cipher configuration
Posted by "ming.zym@gmail.com" <mi...@gmail.com>.
yeah, we have no Cipher control in SSL for now, that issue have been
opened:
https://issues.apache.org/jira/browse/TS-730
[gsoc2011] SSL needs CipherSuite control in negotiation
sslv2 should be disabled by default, I will take care of it.
thanks
在 2011-05-02一的 17:15 +0200,Matthieu Decorniquet写道:
> Hello,
>
> I have a little issue with this great piece of software we are using in
> our company
>
> We are using trafficserver as a secure frontend for an online gambling
> site, players connect to it through ssl, a plugin we added does some
> stuff, then the data is sent to an apache through a ssl tunnel (we're
> using stunnel).
> The quirk here are the ciphers permitted by trafficserver during the ssl
> handshake, we need roughly the ciphers reported by 'openssl ciphers FIPS
> -v', and I can't find a way to specify that in trafficserver...
>
> On the other hand, we needed to deactivate sslv2, which was on by
> default in trafficserver, and quite easy to turn off...
>
> Any help will be gladly appreciated on the matter...
>
> Kind regards,
>