https://bz.apache.org/bugzilla/show_bug.cgi?id=60739
--- Comment #6 from David Favor <[email protected]> --- The problem seems to be an interaction between the Cipher List + SSLProtocol. Depending on setting of Cipher List SSLProtocol seems to work or be ignored. These settings disable TLSv1.0 # support old Android phones SSLProtocol All -SSLv2 -SSLv3 -TLSv1 # Force using custom cipher list SSLHonorCipherOrder on Define sslCiphers -ALL:!ADH:!aNULL:!EXP:!EXPORT40:!EXPORT56:!3DES:!eNULL:!NULL:!RC4:!DES:!MD5:!LOW Define sslCiphers ${sslCiphers}:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA SSLCipherSuite ${sslCiphers} Other sslCiphers settings cause SSLProtocol to be ignored. I think the fix is either to have SSLProtocol cause a prune of sslCiphers settings or if there's a conflict between SSLProtocol + sslCiphers then have some sort of warning about the conflict. All in all, the problem is far more complex than it appears on the surface. For now, I'll resolve my situation by using the above settings. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
