Re: [users@httpd] Weirdo intepretation of SSLprotocol order

Mon, 11 May 2015 02:32:02 -0700 

Hello,
Well - a patched version... what do you mean -i've build apache22-2.2.29_2 from ports... so its already up to date. However openssl runtime is openssl-1.0.1_16, where i see there is a openssl-1.0.2_1 available from ports. I prefer to build from ports, in order to host a standardized environment for the web.. 


I have been looking into migration to apache httpd 2.4, but from my 
understanding the config interpretor is not backwards compatible, so i 
have to renew all configs. I run around 50 domains and 450 sites, and 
about 15 instances of apache httpd.. so there will be a bunch of config 
redoing..



Do you mean - building 2.2.29 from apache.org sources ?



br
congo

On 2015-05-07 11:13, Yann Ylavic wrote:

Hello,

you may hit an issue fixed in [1] (for upcoming 2.4.13).

Can you manage to build a patched httpd-2.2.29 from sources?

Regards,
Yann.

[1] http://svn.us.apache.org/r1663258


On Wed, May 6, 2015 at 2:54 PM,  <apa...@thva.dk> wrote:

hello,


So i have an apache 2.2.29 running Prefork on FreeBSD 64bit.


I have a number of vhosts included - one vhost per domain name. In any 
of
these vhost containers the SSLProtocol directive seems to be ignored, 
but
only the default vhost is dictating the SSLProtocol for all other 
(this is
ofcourse the first HTTPS enabled vhost container, which might be 
relevant).
Though documentation argues that its applicable per vhost, and not 
only in

server config.

For testing purpose, i use add the following to my sub-vhost:
        SSLProtocol             -ALL +TLSv1.2

But when the default vhost is configured as such:
        SSLProtocol             -ALL +TLSv1 +TLSv1.1 +TLSv1.2

- that final example is the only, thats used throughout the webserver.



I read in 
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol,

that it should be applicable per virtual host.

The goal is to host some sites via TLS 1.2 only, and some other ones 
only in

TLS 1.1 for instance.



Does anyone else meet the same challenge or know how to resolve this ?



br
congo



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org























					Reply via email to