As Eric pointed out earlier on: > The file names don't matter very much. What matters is whether they > are separate IP:PORT based vhosts. If they're not, they can't have > separate SSL configurations.
In all files you have <VirtualHost *:443> and you use a different ServerName to differentiate. I am not a big expert but I believe that what Eric is saying is that if you want to use a different SSL configuration on one VirtualHost you can with the constraint that the IP:PORT (stated in <VirtualHost IP:PORT>) is unique and not used in another VirtualHost block. Luca 2017-07-25 12:01 GMT+02:00 chetan jain <cpjai...@gmail.com>: > Hi Luca, > > I have uploaded the content : > > https://apaste.info/t5ez > > Please review. > > --Chetan > > On Tue, Jul 25, 2017 at 4:17 AM, Luca Toscano <toscano.l...@gmail.com> > wrote: > >> Hi, >> >> we'd need to get your vhost configuration before helping further on, as >> Eric mentioned you have probably some overlapping but it is very difficult >> to debug only from your description. If you can put your configuration in >> https://apaste.info/ it would be great, otherwise I'd suggest to reach >> out to the folks in #httpd (IRC Freenode) to get some live help. >> >> Luca >> >> >> 2017-07-25 6:45 GMT+02:00 chetan jain <cpjai...@gmail.com>: >> >>> Hi All, >>> >>> Any more input on this? >>> >>> --Chetan >>> >>> On 21 Jul 2017 10:40 p.m., "chetan jain" <cpjai...@gmail.com> wrote: >>> >>>> Hi Eric, >>>> >>>> Thanks for the reply. >>>> We have a different server alias for each of the host, It does get >>>> honoured that is how requests go to correct sites. >>>> >>>> It's just that something with the SSLProtocol, i read somewhere after >>>> googling that SSLProtocol are taken from the first virtual host which is >>>> loaded and rest are ignored, trying to seek confirmation if that is >>>> correct...and what can be done to achieve the needful >>>> >>>> On 21 Jul 2017 5:09 p.m., "Eric Covener" <cove...@gmail.com> wrote: >>>> >>>>> On Fri, Jul 21, 2017 at 2:37 AM, chetan jain <cpjai...@gmail.com> >>>>> wrote: >>>>> > Hi All, >>>>> > >>>>> > We have an Apache WebServer (2.2.15) setup on CentOS 6 where in >>>>> httpd,conf >>>>> > we have included conf.d/*.conf files which has configuration for all >>>>> the >>>>> > virtual hosts. >>>>> > >>>>> > In conf.d we have respective .conf file for each of the virtual >>>>> hosts like : >>>>> > >>>>> > abc_com.conf for abc.com >>>>> > xyz_com.conf for xyz.com >>>>> > >>>>> > etc >>>>> > >>>>> > now I want to disable the TLSv1.0 and SSLv3 request only for one of >>>>> this >>>>> > virtual hosts, but even if i put the values like : >>>>> > >>>>> > SSLProtocol ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1 in >>>>> xyz_com.conf >>>>> > file TLSv1.0 and 1.1 are still enabled for xyz.com >>>>> > >>>>> > to disable it, I have to put the same value in abc_com.conf file as >>>>> well, >>>>> > then only it get disabled for xyz.com as well (even if i remove the >>>>> paramter >>>>> > from xyz_com.conf in that case it is still disabled) >>>>> > >>>>> > can't we have different SSLProtocol for different virtual hosts? >>>>> > >>>>> > I can not disable it for all the websites, have to do it for only >>>>> one of >>>>> > them, how can i achieve this? >>>>> >>>>> The file names don't matter very much. What matters is whether they >>>>> are separate IP:PORT based vhosts. If they're not, they can't have >>>>> separate SSL configurations. >>>>> >>>>> >>>>> -- >>>>> Eric Covener >>>>> cove...@gmail.com >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>>>> For additional commands, e-mail: users-h...@httpd.apache.org >>>>> >>>>> >> >
