DO NOT REPLY [Bug 51958] New: mod_ssl documentation is confusing re. SSLCipherSuite Directive

bugzilla Tue, 04 Oct 2011 19:51:51 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=51958


             Bug #: 51958
           Summary: mod_ssl documentation is confusing re. SSLCipherSuite
                    Directive
           Product: Apache httpd-2
           Version: 2.2-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Documentation
        AssignedTo: docs@httpd.apache.org
        ReportedBy: ad...@triumf.ca
    Classification: Unclassified


In the Apache documentation
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite
there is an example:

$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
...

Using this command on Linux, the NULL ciphers are suppressed so that NULL-SHA
is not listed.


The page also states:

The default cipher-spec string is
``ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'' which means the following:
first, remove from consideration any ciphers that do not authenticate, ...
Next, use ciphers using RC4 and RSA. "

I interpret this to mean that ciphers using RC4 are first in the list. But in
fact, these ciphers are already included in ALL, and are not first. The
presence of RC4+RSA in the cipher string has no effect at all.


using openssl-0.9.8e on RHEL5.2

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org

DO NOT REPLY [Bug 51958] New: mod_ssl documentation is confusing re. SSLCipherSuite Directive

Reply via email to