Hey Justin,

Thanks for your answer.  I did add the various versions of
the SSLCipherSuite directive to my virtual host container, sorry if that
wasn't clear.

In the meantime I found that, by inspecting the handshake between
TortoiseSVN and Apache, the connection does use RC4, which is good.  Still,
I don't understand why this doesn't happen with Firefox (it always uses AES
256, which shouldn't be allowed, if I understand things correctly).  Any
clue?

Cheers,
Franz


On Tue, Dec 15, 2009 at 8:26 PM, Justin Pasher
<just...@newmediagateway.com> wrote:

> François Beaune wrote:
>
>> Hello,
>>
>> I have a setup where Apache 2.2.3 is serving a large SVN repository with
>> WebDAV over HTTPS (using basic authentication).
>>
>> Everything is working correctly;  I would simply like to force usage of
>> faster cipher algorithms (trading some security in favor of speed) than what
>> seems to be allowed right now (for instance, AES 256 is used when I connect
>> with Firefox).
>>
>
> [snip]
>
>
>> As an experiment, I have tried that (at the virtual host level):
>>
>>        SSLProtocol all -SSLv2
>>        SSLHonorCipherOrder on
>>        SSLCipherSuite ALL:!ADH:+RC4+RSA:!HIGH:!LOW:!EXP:!NULL
>>
>
> I noticed that your VirtualHost container doesn't actually contain the
> SSLCipherSuite directive. Are you defining that somewhere else, such as in
> the global config scope? Double check to make sure that it's being defined
> globally as opposed to being wrapped inside another container object.
>
> Also, you can use this script to check which ciphers are supported by your
> site.
>
> http://www.lazorsoftware.com/lazorsoft/files/openssl_check.sh
>
> --
> Justin Pasher
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>  "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
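
A check for the question raised above, as an added example that is not part of the original thread: it expands the quoted SSLCipherSuite string with the local OpenSSL and tests whether a suite a client negotiated is in that expansion. It assumes Python's ssl module is linked against the same OpenSSL that Apache uses; the function names and the sample suite name are constructed for illustration.

```python
import ssl

# SSLCipherSuite value quoted in the thread.
PAGE_STRING = "ALL:!ADH:+RC4+RSA:!HIGH:!LOW:!EXP:!NULL"

def expand(cipher_string):
    """Return [(name, protocol, strength_bits)] for the TLS 1.2-and-older
    suites the local OpenSSL enables for this cipher string, in order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # The string selects nothing in this build (for example, a build
        # without RC4 suites) or contains no valid cipher name.
        return []
    # TLS 1.3 suites are configured separately and ignore this string.
    return [(c["name"], c["protocol"], c["strength_bits"])
            for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def permitted(cipher_string, negotiated):
    """True if the suite a client negotiated is in the string's expansion."""
    return negotiated in {name for name, _, _ in expand(cipher_string)}

def report(cipher_string, negotiated):
    """Build a short text report: the expansion, then the verdict."""
    suites = expand(cipher_string)
    lines = ["%-32s %-8s %d bits" % s for s in suites]
    if not suites:
        lines.append("(no TLS 1.2-or-older suite enabled by this string)")
    if permitted(cipher_string, negotiated):
        lines.append("%s is allowed by the string" % negotiated)
    else:
        # A negotiated suite missing from the expansion suggests a different
        # SSLCipherSuite value is in effect for that connection.
        lines.append("%s is NOT allowed by the string" % negotiated)
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed sample: an AES-256 suite name as a client might report it.
    print(report(PAGE_STRING, "DHE-RSA-AES256-SHA"))
```

The expansion depends on the OpenSSL build, so run it on the server host rather than on a workstation.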
