RE: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-17 Thread apache
his is not possible in Apache given the usage of OpenSSL as the SSL/TLS library. Does that sum it up? Thanks, Karl Date: Tue, 16 Jun 2015 23:54:39 +0200 From: ylavic@gmail.com To: users@httpd.apache.org Subject: Re: [users@httpd] VirtualHosts, SSLPro

Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread Yann Ylavic
+0200 >> From: ylavic@gmail.com >> To: users@httpd.apache.org >> Subject: Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite >> >> On Tue, Jun 16, 2015 at 10:48 PM, karl karloff >> wrote: >>> I am attempting to set up more than one subdomain

RE: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread karl karloff
:39 +0200 > From: ylavic@gmail.com > To: users@httpd.apache.org > Subject: Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite > > On Tue, Jun 16, 2015 at 10:48 PM, karl karloff > wrote: >> I am attempting to set up more than one subdomain on :443 in this

Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread Yann Ylavic
On Tue, Jun 16, 2015 at 10:48 PM, karl karloff wrote: > I am attempting to set up more than one subdomain on :443 in this example. > > so something like > sslv3.example.com:443 responds with SSLv3 only > tlsv1.example.com:443 responds with TLSv1.0 only > ... > > I wasn't aware that could be achiev

RE: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread karl karloff
bject: Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite > > On Tue, Jun 16, 2015 at 1:57 PM, karl karloff wrote: >> > > AIUI This VH style is not used much and could be contributing. If you > don't care what underlying interface/IP is used, use *:443 and &g

Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread Eric Covener
On Tue, Jun 16, 2015 at 1:57 PM, karl karloff wrote: > AIUI This VH style is not used much and could be contributing. If you don't care what underlying interface/IP is used, use *:443 and ServerName inside. Otherwise, use the local interface address/IP and ServerName inside. -- Eric Covener

Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread Noway Priv
- >> Date: Tue, 16 Jun 2015 11:17:22 +0200 >> From: sarkofag...@gmail.com >> To: users@httpd.apache.org >> Subject: Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite >> >> Hi, >> >> Have y

RE: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread karl karloff
! Shouldn't it fail and not negotiate that? Thanks, Karl > Date: Tue, 16 Jun 2015 11:17:22 +0200 > From: sarkofag...@gmail.com > To: users@httpd.apache.org > Subject: Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite > > Hi, >

Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-16 Thread Noway Priv
Hi, Have you tested with the "+"? from docs : Syntax:SSLProtocol [+|-]protocol ... ex : SSLProtocol +TLSv1.2 ... SSLProtocol+SSLv3 ... On Tue, Jun 16, 2015 at 12:37 AM, karl karloff wrote: > Is there a way in the current Apache (2.4.x or 2.2.x) to specify an > SSLProtocol and SSLC

[users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-15 Thread karl karloff
Is there a way in the current Apache (2.4.x or 2.2.x) to specify an SSLProtocol and SSLCipherSuite that affects only a singular VirtualHost? e.g. www.example.com requires modern encryption (i.e. TLSv1.2) old.example.com allows only deprecated Protocols/ciphers (e.g. SSLv3) I tried using somethin