Re: How to different SSLProtocol for each of the conf files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the Reploy Luca.

so i shall be listing all the possible IP:port in the virtualhost.conf file instead of just *:443 and that should make this work.

Let me try this out.

--Chetan

On Tue, Jul 25, 2017 at 6:16 AM, Luca Toscano <toscano.luca@xxxxxxxxx> wrote:
As Eric pointed out earlier on:

> The file names don't matter very much. What matters is whether they
> are separate IP:PORT based vhosts. If they're not, they can't have
> separate SSL configurations.

In all files you have <VirtualHost *:443> and you use a different ServerName to differentiate. I am not a big expert but I believe that what Eric is saying is that if you want to use a different SSL configuration on one VirtualHost you can with the constraint that the IP:PORT (stated in <VirtualHost IP:PORT>) is unique and not used in another VirtualHost block. 

Luca

2017-07-25 12:01 GMT+02:00 chetan jain <cpjain26@xxxxxxxxx>:
Hi Luca,

I have uploaded the content : 


Please review.

--Chetan

On Tue, Jul 25, 2017 at 4:17 AM, Luca Toscano <toscano.luca@xxxxxxxxx> wrote:
Hi,

we'd need to get your vhost configuration before helping further on, as Eric mentioned you have probably some overlapping but it is very difficult to debug only from your description. If you can put your configuration in https://apaste.info/ it would be great, otherwise I'd suggest to reach out to the folks in #httpd (IRC Freenode) to get some live help.

Luca


2017-07-25 6:45 GMT+02:00 chetan jain <cpjain26@xxxxxxxxx>:
Hi All,

Any more input on this?

--Chetan

On 21 Jul 2017 10:40 p.m., "chetan jain" <cpjain26@xxxxxxxxx> wrote:
Hi Eric,

Thanks for the reply.
We have a different server alias for each of the host, It does get honoured that is how requests go to correct sites.

It's just that something with the SSLProtocol, i read somewhere after googling that SSLProtocol are taken from the first virtual host which is loaded and rest are ignored, trying to seek confirmation if that is correct...and what can be done to achieve the needful

On 21 Jul 2017 5:09 p.m., "Eric Covener" <covener@xxxxxxxxx> wrote:
On Fri, Jul 21, 2017 at 2:37 AM, chetan jain <cpjain26@xxxxxxxxx> wrote:
> Hi All,
>
> We have an Apache WebServer (2.2.15) setup on CentOS 6 where in httpd,conf
> we have included conf.d/*.conf files which has configuration for all the
> virtual hosts.
>
> In conf.d we have respective .conf file for each of the virtual hosts like :
>
> abc_com.conf for abc.com
> xyz_com.conf for xyz.com
>
> etc
>
> now I want to disable the TLSv1.0 and SSLv3 request only for one of this
> virtual hosts, but even if i put the values like :
>
> SSLProtocol           ALL -SSLv3 -SSLv2 -TLSv1 -TLSv1.1  in xyz_com.conf
> file TLSv1.0 and 1.1 are still enabled for xyz.com
>
> to disable it, I have to put the same value in abc_com.conf file as well,
> then only it get disabled for xyz.com as well (even if i remove the paramter
> from xyz_com.conf in that case it is still disabled)
>
> can't we have different SSLProtocol for different virtual hosts?
>
> I can not disable it for all the websites, have to do it for only one of
> them, how can i achieve this?

The file names don't matter very much. What matters is whether they
are separate IP:PORT based vhosts. If they're not, they can't have
separate SSL configurations.


--
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx






[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux