Thanks everyone, My server is slightly different but it looks like I'll be able to set this up similarly
--- Frank Hecker <[EMAIL PROTECTED]> wrote: > Nelson B Bolyard wrote: > > The client sends the server a list, saying "these > are > > the cipher suites that I (client) support." The > server picks one, > > and says "we'll use this one". The server never > says "I support all > > of these." > > To give a concrete example of this, with the Apache > 2.0 web server and > the MOD_SSL Apache module server-side selection of a > ciphersuite is > under control of the SSLCipherSuite directive: > > > http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite > > Using this directive you can completely control the > list of ciphersuites > from which the server makes its (single) choice of > ciphersuite, > including the order of preference in the (typical) > case where the client > supports multiple ciphersuites. > > The various ways in which you can specify > ciphersuite preferences in > Apache are somewhat complicated, but if you just > want the server to > support only null ciphersuites then it is pretty > straightforward: You > can just specify > > SSLCipherSuite NULL > > to have your server support any null ciphersuite > (and only null > ciphersuites), or (for example) > > SSLCipherSuite NULL-SHA > > to have the server support only the NULL-SHA > ciphersuite (the SSLv3 null > ciphersuite using RSA and SHA1). > > As noted in the Apache documentation, for MOD_SSL > you can use the > command 'openssl ciphers -v' to verify the list of > ciphersuites that the > server will be using; thus for example the output of > the command > > openssl ciphers -v 'NULL' > > shows that using the Apache MOD_SSL directive > 'SSLCipherSuite NULL' the > server's list of supported ciphersuites will be > AECDH-NULL-SHA, > ECDH-RSA-NULL-SHA, ECDH-ECDSA-NULL-SHA, NULL-SHA, > and NULL-MD5 in that > order. > > Frank > > -- > Frank Hecker > [EMAIL PROTECTED] > _______________________________________________ > dev-tech-crypto mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-crypto > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
