On 08.12.11 00:38, aparna Puram wrote:
I understand from your mail that the following 2 cipher suites will work with the existing and the new clinet configurations. Kindly correct me if I m wrong. 1-->!ADH:!EXPORT56:DES-CBC-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL 2-->!ADH:!MD5:DES-CBC-SHA:RC4+RSA:+HIGH:+MEDIUM However the first cipher suite contains MD5, which is not preferable due to security reasons.
you disallow md5 due to security reasons, but allow null,export and low ciphers? :-)
I use DEFAULT:!EXP:!LOW and I hope that's enough. you can excloude MD5 from those but I'd like to see your "security" reasons, due to paragraph above.
-- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside... --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|