Thanks William for your valuable response. It helped a lot in understanding httpd parsing. Really appreciate your time and knowledge.
With Regards, Venkatesh On Thu, Sep 6, 2018 at 8:31 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > On Wed, Sep 5, 2018 at 10:11 PM, alchemist vk <alchemist...@gmail.com> > wrote: > >> Hi William, >> Sorry for late response.. I appreciate your response. >> Small clarification: You meant to say, with space as delimiter, httpd >> parses will consider space separated tokens as each individual httpd >> directives? >> > > The syntax of SSL_CMD_ALL(CipherSuite, TAKE1, ...) states that only a > single token is permitted (confirmed in 2.4.current). > > It will consider each token individual arguments, and only one is > permitted. Placing the space-seperated tokens within double quotes causes > httpd to treat it as a single argument to SSLCipherSuite. It still may not > work, we only "support" colon-separated lists, as documented, but pass the > string given, and the rest is up to OpenSSL. > > >> On Mon, Aug 27, 2018 at 7:03 PM, William A Rowe Jr <wr...@rowe-clan.net> >> wrote: >> >>> A good argument for following httpd documented convention. >>> >>> If you want to continue exploring, you would want to quote the cipher >>> string, since httpd would take apart unquotes, space separated tokens as >>> different httpd directive arguments, and you surely don't want that. >>> >>> On Sat, Aug 25, 2018, 20:05 alchemist vk <alchemist...@gmail.com> wrote: >>> >>>> Hi All, >>>> >>>> openssl standard says " The cipher list consists of one or more *cipher >>>> strings* separated by colons. Commas or spaces are also acceptable >>>> separators but colons are normally used". But apache says "directive >>>> uses a *colon-separated* *cipher-spec* string consisting of OpenSSL >>>> cipher specifications to configure the Cipher Suite the client is permitted >>>> to negotiate in the SSL handshake phase" in https://httpd.apache.org/do >>>> cs/2.4/mod/mod_ssl.html. >>>> >>>> >>>> So, when I configured apache by separating cipher string with spaces, >>>> cipher string has no affect. But when cipher string is configured with >>>> colons, cipher string has effect. >>>> >>>> >>>> So, please provide clarification, is there any limitation why we can’t >>>> configure cipher string by using space as delimiter in apache. >>>> >>>> >>>> PS: I am using 2.4 apache version in Linux OS. >>>> >>>> With Regards, >>>> Venkatesh >>>> >>> >> >
