On Thu, Jan 30, 2003 at 11:38:04AM -0700, Steve Chadsey wrote:
> One more question regarding the SSLCipherSuite line. Our security
> auditor recommended that we change the line
>   SSLCipherSuite HIGH:MEDIUM:!ADH
> to
>   SSLCipherSuite HIGH:MEDIUM:-ADH:-aNULL
>
> What is the difference?
>   openssl ciphers -v 'HIGH:MEDIUM:!ADH'
> and
>   openssl ciphers -v 'HIGH:MEDIUM:-ADH:-aNULL'
>
> both return the same cipher list. Is there a practical difference
> in the two directives?

Hmm, not now. aNULL is equivalent to ADH, as Anonymous DH ciphers are
the only aNULL ciphers supported. If at any point in the future an
anonymous cipher without DH would be added (does such a thing exist?),
it might make a difference.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
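
The two directives from this thread, run through a simplified model of the OpenSSL cipher-string operators. This is an added example, not part of the original thread and not OpenSSL or mod_ssl code. The cipher table is constructed, and `ANON-FUTURE-AES256-SHA` is a hypothetical anonymous suite without DH, invented here to stand for the case the reply mentions.

```python
# Simplified model of OpenSSL cipher-string operators (not OpenSSL code).
# Constructed table: cipher name -> tags. A real list comes from
# `openssl ciphers -v`.
CIPHERS = {
    "AES256-SHA":         {"HIGH"},
    "DHE-RSA-AES256-SHA": {"HIGH"},
    "ADH-AES256-SHA":     {"HIGH", "ADH", "aNULL"},
    "RC4-SHA":            {"MEDIUM"},
    "ADH-RC4-MD5":        {"MEDIUM", "ADH", "aNULL"},
}
# Same table plus a hypothetical anonymous suite that does not use DH.
FUTURE = {**CIPHERS, "ANON-FUTURE-AES256-SHA": {"HIGH", "aNULL"}}


def expand(spec, table=CIPHERS):
    """Return the ordered cipher list that `spec` selects from `table`."""
    active, killed = [], set()
    for item in spec.split(":"):
        op = item[0] if item[0] in "!-+" else ""
        tag = item[len(op):]
        match = [name for name, tags in table.items() if tag in tags]
        kept = [name for name in active if name not in match]
        if op == "!":      # delete permanently: can never be added again
            killed.update(match)
            active = kept
        elif op == "-":    # delete, but a later item may add it back
            active = kept
        elif op == "+":    # move ciphers already in the list to the end
            active = kept + [name for name in active if name in match]
        else:              # add matches that are not present and not killed
            active += [n for n in match
                       if n not in active and n not in killed]
    return active


def anonymous(spec, table=CIPHERS):
    """Ciphers selected by `spec` that provide no authentication."""
    return [n for n in expand(spec, table) if "aNULL" in table[n]]


if __name__ == "__main__":
    for spec in ("HIGH:MEDIUM:!ADH", "HIGH:MEDIUM:-ADH:-aNULL",
                 "HIGH:MEDIUM:-ADH:-aNULL:aNULL", "HIGH:MEDIUM:!ADH:aNULL"):
        print(f"{spec:30} today={anonymous(spec)} "
              f"future={anonymous(spec, FUTURE)}")
```

In this model both directives select the same list from today's table, `!ADH` alone lets the hypothetical suite through, and only `!` stops a later `aNULL` item from adding the anonymous suites back.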