Re: Weirdo interpretation of SSLprotocol order


 



Hello,

Well - a patched version... what do you mean - I've built apache22-2.2.29_2 from ports... so it's already up to date. However, the openssl runtime is openssl-1.0.1_16, where I see there is an openssl-1.0.2_1 available from ports. I prefer to build from ports, in order to host a standardized environment for the web..

I have been looking into migration to apache httpd 2.4, but from my understanding the config interpreter is not backwards compatible, so I have to renew all configs. I run around 50 domains and 450 sites, and about 15 instances of apache httpd.. so there will be a bunch of config redoing..


Do you mean - building 2.2.29 from apache.org sources ?



br
congo

On 2015-05-07 11:13, Yann Ylavic wrote:
Hello,

you may hit an issue fixed in [1] (for upcoming 2.4.13).

Can you manage to build a patched httpd-2.2.29 from sources?

Regards,
Yann.

[1] http://svn.us.apache.org/r1663258


On Wed, May 6, 2015 at 2:54 PM,  <apache@xxxxxxx> wrote:
hello,


So I have an apache 2.2.29 running Prefork on FreeBSD 64bit.

I have a number of vhosts included - one vhost per domain name. In any of these vhost containers the SSLProtocol directive seems to be ignored, but only the default vhost is dictating the SSLProtocol for all others (this is of course the first HTTPS enabled vhost container, which might be relevant). Though the documentation argues that it's applicable per vhost, and not only in server config.

For testing purposes, I add the following to my sub-vhost:
        SSLProtocol             -ALL +TLSv1.2

But when the default vhost is configured as such:
        SSLProtocol             -ALL +TLSv1 +TLSv1.1 +TLSv1.2

- that final example is the only one that's used throughout the webserver.


I read in http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol,
that it should be applicable per virtual host.
The goal is to host some sites via TLS 1.2 only, and some other ones only in
TLS 1.1 for instance.



Does anyone else meet the same challenge or know how to resolve this ?



br
congo



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
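
A static check for the situation described in this thread, as an added example that is not part of the original messages or of httpd: it lists every vhost whose own SSLProtocol differs from the first vhost on the same address:port. It assumes, as the original poster observed on 2.2.29, that the first HTTPS vhost's setting is the one enforced; the sample config and hostnames are constructed, and `all` is simplified to every entry in `KNOWN`.

```python
import re

# Constructed sample config mirroring the thread (hostnames are placeholders).
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName default.example.org
    SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
</VirtualHost>
<VirtualHost *:443>
    ServerName strict.example.org
    # SSLProtocol all
    SSLProtocol -ALL +TLSv1.2
</VirtualHost>
<VirtualHost *:443>
    ServerName inherit.example.org
</VirtualHost>
"""
KNOWN = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")

def resolve_protocols(args):
    """Apply SSLProtocol tokens left to right: '+' adds, '-' removes,
    a bare name replaces the set. Simplification: 'all' = every KNOWN entry."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("=", tok)
        names = {n for n in KNOWN if name.lower() in ("all", n.lower())}
        if sign == "+":
            enabled |= names
        elif sign == "-":
            enabled -= names
        else:
            enabled = names
    return sorted(enabled)

def audit(conf):
    """List vhosts whose SSLProtocol differs from the first vhost on the same
    address:port (assumed, per the thread, to be the one that takes effect)."""
    first, findings = {}, []
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for addr, body in blocks:
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        proto = re.search(r"^\s*SSLProtocol\s+(.+)$", body, re.M | re.I)
        wanted = resolve_protocols(proto.group(1)) if proto else None
        effective = first.setdefault(addr.strip(), wanted)  # first vhost per addr
        if wanted is not None and wanted != effective:
            findings.append((name.group(1) if name else "?", addr.strip(), wanted, effective))
    return findings

if __name__ == "__main__":
    for server, addr, wanted, effective in audit(SAMPLE_CONF):
        print(f"{server} ({addr}): wants {wanted}, first vhost enforces {effective}")
```

An `effective` value of `None` means the first vhost on that address:port sets no SSLProtocol of its own, so the server-level setting applies there.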






