Hello,

regarding the page 

https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite

(using Apache 2.4.7 and openssl 1.0.1f)

I am missing some ciphers (or aliases?), which are really important to mention, 
I think, since they provide better security:

AESCGM (no mention of CGM at all)

ECDHE

I would suggest the sentence "Newer openssl versions may include additional 
ciphers." to be written _bold_, to prevent confusion.

I would suggest adding a column "available with openssl version" in the tag 
table.

It's confusing to me what the relation between DHE and EDH is. E.g.

openssl ciphers -v 'DHE'
Error in cipher list
139664124364448:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:

openssl ciphers -v 'EDH'
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
[...]

So querying DHE gives an error, and querying EDH outputs DHE ciphers? Why is that?


I have read this documentation about the SSLCiphersuite directive many times 
now, but the whole thing is still very confusing to me. Also other websites 
regarding forward secrecy and Apache cipher optimisation are very complex and 
vague.

Little bit OT:
Such a huge amount of ciphers and the high complexity of the permutual 
combinations of Key Exchange, Authentication, Cipher Encoding, MAC Digest 
algorithms, and their (not clearly defined) aliases is insecure by design, IMHO!
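
The `openssl ciphers -v` output quoted in the message above can be read column by column rather than by alias name. The following is an added example, not part of the original message: a shell filter that classifies each line by its `Kx=` and `Mac=` fields. Assumptions: the function names are hypothetical, the sample lines other than the DHE-DSS one are constructed in the OpenSSL 1.0.x output format, and a bare `Kx=DH` or `Kx=ECDH` (no `/RSA`-style suffix) is taken to mean ephemeral key exchange.

```shell
# Added example: classify `openssl ciphers -v` lines by key exchange and MAC.
# Assumption: OpenSSL 1.0.x output format, where "Kx=DH" / "Kx=ECDH" with no
# "/..." suffix denotes ephemeral key exchange (forward secrecy).

# Constructed sample input (first line is the one quoted in the message).
sample_ciphers() {
cat <<'EOF'
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
AES256-SHA SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EOF
}

# Reads `openssl ciphers -v` lines on stdin.
# Prints: <suite name> <Kx value> <fs|no-fs> <aead|no-aead>
classify_ciphers() {
  awk '
    {
      kx = ""; mac = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Kx=/)  kx  = substr($i, 4)
        if ($i ~ /^Mac=/) mac = substr($i, 5)
      }
      if (kx == "") next            # skip "[...]" and error lines
      base = kx
      sub(/\(.*\)$/, "", base)      # drop a key-size suffix such as "(512)"
      fs   = (base == "DH" || base == "ECDH") ? "fs" : "no-fs"
      aead = (mac == "AEAD") ? "aead" : "no-aead"
      printf "%s %s %s %s\n", $1, kx, fs, aead
    }'
}

# Counts the suites on stdin that were classified as forward-secret.
fs_count() {
  classify_ciphers | awk '$3 == "fs"' | wc -l | tr -d ' '
}

# Against the local build: openssl ciphers -v 'ALL' | classify_ciphers
```
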
