One more question regarding the SSLCipherSuite line. Our security
auditor recommended that we change the line
SSLCipherSuite HIGH:MEDIUM:!ADH
to
SSLCipherSuite HIGH:MEDIUM:-ADH:-aNULL
What is the difference?
openssl ciphers -v 'HIGH:MEDIUM:!ADH'
and
openssl ciphers -v
On Fri, Jan 24, 2003 at 09:30:28AM -, [EMAIL PROTECTED] wrote:
Try http://www.netcraft.com/sslwhats. It will give you a list of ciphers.
OK. I did that, and the only one I support is RC4 with MD5. Strange, I
thought I would be able to support more. Actually, to amend my previous
post,
-MD5
NULL-MD5
NULL-SHA
Is the security auditor full of it? How can I verify their results
from an external machine (they've scanned the network from an
external box)?
Thanks,
--
Steve Chadsey [EMAIL PROTECTED]
__
Apache Interface
