Full_Name: Yutaka OIWA Version: 2.0.9- OS: Linux Submission from: 84.pool5.tokyo.att.ne.jp (165.76.22.99) I added > SSLRequiredCiphers DEFAULT:!IDEA to the main server section of httpd.conf and > SSLEnable to the virtual-host section. However, % ssleay s_client -cipher IDEA can still connect to the server with IDEA cipher. I think that the line > cfgMergeString(szReqCiphers); is required in the function "config_server_merge", isn't it? I found this bug on mod_ssl 2.0.9. cfgMergeString is still missing on version 2.0.13, but behavior is only checked on 2.0.9, sorry. (also I'm sorry for late bug report...) ______________________________________________________________________ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]