On Wed, Sep 5, 2018 at 10:11 PM, alchemist vk <alchemist...@gmail.com> wrote:
> Hi William,
> Sorry for late response.. I appreciate your response.
> Small clarification: You meant to say, with space as delimiter, httpd
> parses will consider space separated tokens as each individual httpd
> directives?

The syntax of SSL_CMD_ALL(CipherSuite, TAKE1, ...) states that only a single token is permitted (confirmed in 2.4.current). It will consider each token individual arguments, and only one is permitted.

Placing the space-separated tokens within double quotes causes httpd to treat it as a single argument to SSLCipherSuite. It still may not work, we only "support" colon-separated lists, as documented, but pass the string given, and the rest is up to OpenSSL.

> On Mon, Aug 27, 2018 at 7:03 PM, William A Rowe Jr <wr...@rowe-clan.net>
> wrote:
>
>> A good argument for following httpd documented convention.
>>
>> If you want to continue exploring, you would want to quote the cipher
>> string, since httpd would take apart unquoted, space separated tokens as
>> different httpd directive arguments, and you surely don't want that.
>>
>> On Sat, Aug 25, 2018, 20:05 alchemist vk <alchemist...@gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> openssl standard says " The cipher list consists of one or more *cipher
>>> strings* separated by colons. Commas or spaces are also acceptable
>>> separators but colons are normally used". But apache says "directive
>>> uses a *colon-separated* *cipher-spec* string consisting of OpenSSL
>>> cipher specifications to configure the Cipher Suite the client is permitted
>>> to negotiate in the SSL handshake phase" in
>>> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html.
>>>
>>> So, when I configured apache by separating cipher string with spaces,
>>> cipher string has no effect. But when cipher string is configured with
>>> colons, cipher string has effect.
>>>
>>> So, please provide clarification, is there any limitation why we can’t
>>> configure cipher string by using space as delimiter in apache.
>>>
>>> PS: I am using 2.4 apache version in Linux OS.
>>>
>>> With Regards,
>>> Venkatesh
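
A small lint for the behaviour discussed in this thread, as an added example that is not part of the original messages or of httpd's own code. It assumes, as the reply states, that SSLCipherSuite takes exactly one argument, and it uses Python's `shlex` as an approximation of httpd's argument splitting; the function name and the sample configuration are constructed for illustration.

```python
import shlex

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
# colon-separated list: the documented form
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
# space-separated and unquoted: httpd sees two directive arguments
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
# space-separated but quoted: one argument, handed to OpenSSL as given
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256"
"""


def check_cipher_suite_lines(conf_text):
    """Return (line_number, status) for every SSLCipherSuite line.

    status values:
      ok               one argument with no space or comma separators
      too-many-args    unquoted whitespace split the list into several arguments
      non-colon-list   one quoted argument that uses spaces or commas
      missing-arg      directive given with no argument
      unbalanced-quote a quote was opened and never closed
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # Whitespace separates arguments; quotes group them into one.
            tokens = shlex.split(line)
        except ValueError:
            if line.lower().startswith("sslciphersuite"):
                findings.append((lineno, "unbalanced-quote"))
            continue
        # httpd directive names are case-insensitive.
        if tokens[0].lower() != "sslciphersuite":
            continue
        args = tokens[1:]
        if not args:
            status = "missing-arg"
        elif len(args) > 1:
            status = "too-many-args"  # assumption from the thread: TAKE1
        elif " " in args[0] or "," in args[0]:
            status = "non-colon-list"  # outside the documented colon form
        else:
            status = "ok"
        findings.append((lineno, status))
    return findings
```

Running `check_cipher_suite_lines(SAMPLE_CONF)` flags the unquoted space-separated line as `too-many-args` and the quoted one as `non-colon-list`, matching the two cases the reply distinguishes.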