https://issues.apache.org/bugzilla/show_bug.cgi?id=51958
Bug #: 51958
Summary: mod_ssl documentation is confusing re. SSLCipherSuite Directive
Product: Apache httpd-2
Version: 2.2-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: Documentation
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
In the Apache documentation
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite
there is an example:
$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
...
Using this command on Linux, the NULL ciphers are suppressed so that NULL-SHA
is not listed.
The page also states:
"The default cipher-spec string is
``ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'' which means the following:
first, remove from consideration any ciphers that do not authenticate, ...
Next, use ciphers using RC4 and RSA."
I interpret this to mean that ciphers using RC4 are first in the list. But in
fact, these ciphers are already included in ALL, and are not first. The
presence of RC4+RSA in the cipher string has no effect at all.
Using openssl-0.9.8e on RHEL5.2.
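
Added example (not part of the original report, and not OpenSSL or mod_ssl code): a small Python model of the cipher-string rules documented in ciphers(1), run over a constructed six-cipher table, showing that the RC4+RSA token after ALL leaves the resulting order unchanged. The table, its tags and its initial ordering are assumptions; real output depends on the OpenSSL build.

```python
# Simplified model of the cipher-string rules in ciphers(1); not OpenSSL code.
# Constructed mini table: (cipher name, tags). Real OpenSSL has many more
# ciphers and its own initial ordering for ALL; table order is assumed here.
CIPHERS = [
    ("ADH-AES256-SHA", {"ADH", "HIGH", "SSLv3"}),
    ("AES256-SHA",     {"RSA", "HIGH", "SSLv3"}),
    ("RC4-SHA",        {"RSA", "RC4", "MEDIUM", "SSLv3"}),
    ("DES-CBC-SHA",    {"RSA", "LOW", "SSLv3"}),
    ("DES-CBC3-MD5",   {"RSA", "HIGH", "SSLv2"}),
    ("EXP-RC4-MD5",    {"RSA", "RC4", "EXP", "SSLv3"}),
]

DOC_DEFAULT = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
WITHOUT_RC4 = "ALL:!ADH:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"


def expand(spec, table=CIPHERS):
    """Return the preference-ordered cipher names for a cipher string."""
    order, killed = [], set()
    for token in filter(None, spec.split(":")):
        op = token[0] if token[0] in "!-+" else ""
        wanted = set(token[len(op):].split("+"))   # A+B means A AND B
        match = [n for n, tags in table if wanted <= tags | {"ALL", n}]
        if op == "!":      # remove permanently; cannot be re-added later
            killed.update(match)
            order = [n for n in order if n not in match]
        elif op == "-":    # remove, but a later token may add it back
            order = [n for n in order if n not in match]
        elif op == "+":    # move ciphers already in the list to the end
            order = [n for n in order if n not in match] + \
                    [n for n in order if n in match]
        else:              # append only ciphers not already in the list
            order += [n for n in match if n not in order and n not in killed]
    return order


if __name__ == "__main__":
    for spec in (DOC_DEFAULT, WITHOUT_RC4):
        print(spec)
        for name in expand(spec):
            print("   ", name)
```

In this model the two strings give the same list, and the first entry is decided by the later + tokens rather than by RC4+RSA.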