So in general, I would have to build apache before I could use null ciphers?
On 12/02/2015 11:06 AM, Wall, Stephen wrote:
Encryption in https/apache is handled by mod_ssl. does that means,
since there are NULL ciphers I can just use them in apache/mod_ssl by
just changing a setting like:
SSLCipherSuite eNULL
in httpd.conf?
No. mod_ssl modifiers the ciphers you specify by appending
':!aNULL:!eNULL:!EXP' in recent versions, or by prepending
'!aNULL:!eNULL:!EXP:' in older versions. There were some releases where it was
possible to specify ciphers as
SSLOpenSSLConfCMD CipherString "eNULL"
and the ciphers you listed were not modified, but that has since been changed.
If you are not lucky enough to be using a version of apache that is in that
window, you will need to obtain the apache source, modify mod_ssl, and build a
custom version. Be aware of potential license issues with doing this if it is
for a deliverable.
-spw
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
