On September 14, 2011 11:30 , Lee Fisher <fisher....@gmail.com> wrote:
I am looking to disable
SSL support for weak ciphers and SSL v2 protocol support
It seems like SSLCipherSuite directives are not recognized without
mod_ssl?
Is it necessary to use mod_ssl to disable this?
Essentially I am not currently using SSL at all, I just want to
prevent any security holes.
The SSL protocol and SSL ciphers are only used if you are using SSL.
mod_ssl is what implements SSL for Apache HTTP Server. Thus, if you are
not using mod_ssl, you are not using SSL and you do not have to worry
about weak ciphers or SSL protocol version 2.
The directives I use to disable SSL v2 and weak ciphers are:
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!NULL:!LOW:!EXP:!ADH:!MD5
Definitely do not enable mod_ssl just to use these directives. It is
safer and more secure (if you do not need SSL) to not load mod_ssl at all.
--
Mark Montague
m...@catseye.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org