Not that I have much say in the matter, being new here and all, but I definitely like the idea.
I also had another one. How opposed would anyone be if "apache2ctl fullstatus" gave a bit more of this relevant cipher info that I originally inquired about? Seems like a good place to stick it, since it wouldn't require one to connect to oneself to see Apache2 / mod_ssl's status data. Somewhere near "SSL/TLS Session Cache Status:" seems like a good place.

On Thu, Oct 28, 2010 at 10:53 PM, William A. Rowe Jr. <wr...@rowe-clan.net> wrote:

> > The manual recommends testing your SSLCipherSuite with the openssl
> > command line utility.
> >
> > You could open an enhancement bugzilla entry to allow a config test or
> > trace method to make the openssl calls to provide this info.
>
> A debug emit at startup would be appropriate... had come across this in the
> context of FIPS... when giving a cipher list with non-FIPS ciphers, those are
> silently ignored (as are all unrecognized cipher patterns). A debug startup
> message after we set the cipher suite which retrieves the effective cipher
> list would be most helpful to admins in troubleshooting the typos in their
> list.

--
smu johnson <smujohn...@gmail.com>
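An added example, not part of the original thread and not mod_ssl code: a way to retrieve the effective cipher list for a cipher string and flag entries that match nothing, which is the check discussed above. It assumes Python's `ssl` module is linked against an OpenSSL build comparable to the one httpd uses; the function name and the sample string are made up for illustration.

```python
import re
import ssl

# Prefixes that modify the list (exclude, delete, reorder, @STRENGTH ...).
# Such entries select nothing on their own, so they are not probed.
_OPERATORS = ("!", "-", "+", "@")


def audit_cipher_string(cipher_string):
    """Return (effective, ignored) for an OpenSSL cipher string.

    effective: cipher names OpenSSL enables for the whole string
    ignored:   additive entries that match no cipher in this build,
               e.g. typos or ciphers the build does not provide
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError only if the string as a whole selects nothing;
    # a single bad entry among good ones passes silently.
    ctx.set_ciphers(cipher_string)
    effective = [c["name"] for c in ctx.get_ciphers()]

    ignored = []
    for token in filter(None, re.split(r"[:, ]+", cipher_string)):
        if token.startswith(_OPERATORS):
            continue
        probe = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            probe.set_ciphers(token)  # the entry on its own
        except ssl.SSLError:
            ignored.append(token)     # matched nothing: it was dropped
    return effective, ignored


if __name__ == "__main__":
    # Constructed sample: one valid class, one typo, one exclusion.
    sample = "HIGH:NOT-A-REAL-CIPHER:!aNULL"
    effective, ignored = audit_cipher_string(sample)
    print("effective ciphers (%d):" % len(effective))
    for name in effective:
        print("  " + name)
    print("entries that matched nothing:", ignored)
```

The effective list depends on the OpenSSL build, so run this on the host that serves the traffic rather than on a workstation.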