Re: How to different SSLProtocol for each of the conf files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Eric,

Thanks for the reply.
We have a different server alias for each of the host, It does get honoured that is how requests go to correct sites.

It's just that something with the SSLProtocol, i read somewhere after googling that SSLProtocol are taken from the first virtual host which is loaded and rest are ignored, trying to seek confirmation if that is correct...and what can be done to achieve the needful

On 21 Jul 2017 5:09 p.m., "Eric Covener" <covener@xxxxxxxxx> wrote:
On Fri, Jul 21, 2017 at 2:37 AM, chetan jain <cpjain26@xxxxxxxxx> wrote:
> Hi All,
>
> We have an Apache WebServer (2.2.15) setup on CentOS 6 where in httpd,conf
> we have included conf.d/*.conf files which has configuration for all the
> virtual hosts.
>
> In conf.d we have respective .conf file for each of the virtual hosts like :
>
> abc_com.conf for abc.com
> xyz_com.conf for xyz.com
>
> etc
>
> now I want to disable the TLSv1.0 and SSLv3 request only for one of this
> virtual hosts, but even if i put the values like :
>
> SSLProtocol           ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1  in xyz_com.conf
> file TLSv1.0 and 1.1 are still enabled for xyz.com
>
> to disable it, I have to put the same value in abc_com.conf file as well,
> then only it get disabled for xyz.com as well (even if i remove the paramter
> from xyz_com.conf in that case it is still disabled)
>
> can't we have different SSLProtocol for different virtual hosts?
>
> I can not disable it for all the websites, have to do it for only one of
> them, how can i achieve this?

The file names don't matter very much. What matters is whether they
are separate IP:PORT based vhosts. If they're not, they can't have
separate SSL configurations.


--
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux