On Thu, Jan 30, 2003 at 11:38:04AM -0700, Steve Chadsey wrote:
> One more question regarding the SSLCipherSuite line.  Our security
> auditor recommended that we change the line
>   SSLCipherSuite HIGH:MEDIUM:!ADH
> to
>   SSLCipherSuite HIGH:MEDIUM:-ADH:-aNULL
> 
> What is the difference?  
>   openssl ciphers -v 'HIGH:MEDIUM:!ADH'
> and
>   openssl ciphers -v 'HIGH:MEDIUM:-ADH:-aNULL'
> 
> both return the same cipher list.  Is there a practical difference
> in the two directives?

Hmm, not now.

aNULL is equivalent to ADH, as Anonymous DH ciphers are the only aNULL
ciphers supported. If at any point in the future an anonymous cipher
without DH would be added (does such a thing exist?), it might make
a difference.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
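
The point made in the reply above, as an added example that is not part of the original thread and is not OpenSSL or mod_ssl code: a simplified model of how the "!" and "-" operators in a cipher string are evaluated. The cipher table is constructed, "ANON-NODH-AES256" is a hypothetical anonymous cipher without DH, and "+" and "@STRENGTH" are not modelled.

```python
# Simplified model of OpenSSL cipher-string evaluation (added example).
# The table below is constructed for illustration; it is not OpenSSL's real list.
CIPHERS = {
    "AES256-SHA":       {"HIGH", "aRSA"},
    "RC4-SHA":          {"MEDIUM", "aRSA"},
    "ADH-AES256-SHA":   {"HIGH", "ADH", "aNULL"},
    "ADH-RC4-MD5":      {"MEDIUM", "ADH", "aNULL"},
    "ANON-NODH-AES256": {"HIGH", "aNULL"},   # hypothetical: anonymous, no DH
}
HYPOTHETICAL = "ANON-NODH-AES256"
# The situation described in the thread: every aNULL cipher is also ADH.
TODAY = {n: t for n, t in CIPHERS.items() if n != HYPOTHETICAL}


def evaluate(spec, table):
    """Return the ordered cipher list selected by a colon-separated spec."""
    active, killed = [], set()
    for term in spec.split(":"):
        op = term[0] if term[0] in "!-" else ""
        tag = term[len(op):]
        matches = [n for n, tags in table.items() if tag in tags or tag == n]
        if op == "!":
            # Permanent removal: these ciphers can never be re-added later.
            killed.update(matches)
            active = [n for n in active if n not in matches]
        elif op == "-":
            # Removal only: a later term may add these ciphers again.
            active = [n for n in active if n not in matches]
        else:
            active += [n for n in matches
                       if n not in active and n not in killed]
    return active


if __name__ == "__main__":
    for table_name, table in (("today", TODAY), ("with hypothetical", CIPHERS)):
        for spec in ("HIGH:MEDIUM:!ADH", "HIGH:MEDIUM:-ADH:-aNULL"):
            print(f"{table_name:18} {spec:26} -> {evaluate(spec, table)}")
    # A later term re-adds what "-" removed, but not what "!" removed.
    for spec in ("HIGH:MEDIUM:-ADH:-aNULL:ADH", "HIGH:MEDIUM:!ADH:ADH"):
        print(f"{'today':18} {spec:26} -> {evaluate(spec, TODAY)}")
```

With the hypothetical cipher in the table, only the string that names aNULL drops it; with a trailing ":ADH" term, only the "!" form keeps the anonymous DH ciphers out.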
