Re: Re: Set SSLCipherSuite dependent on client IP


 



Thank you very much, Eric, for your quick response and explanation. Do you have a source for it (aside from the source code ;) ?

I thought about something like that as the cause, but since the client IP is known from the very start of the request, before the TLS handshake, I thought it could be evaluated.

Would there be another way to give clients of a specific vHost different SSLCipherSuites depending on their IP address? (cipher of first handshake, no renegotiation)


> Sent: Wednesday, 24 February 2021 at 14:26
> From: "Eric Covener" <covener@xxxxxxxxx>
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: Set SSLCipherSuite dependent on client IP
>
> > Why does this not work?
>
> <If> is evaluated early in request processing, long after the
> handshake. However, the manual says:
> In per-directory context it forces a SSL renegotiation with the
> reconfigured Cipher Suite after the HTTP request was read but before
> the HTTP response is sent.
>
> I suggest testing w/o TLS13 and testing the equivalent config with
> <Directory> or <Location> to see if renegotiation occurs w/o <If>.
> You will have to carefully look for the final cipher.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
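
The test suggested in the quoted reply, written out as an added example that is not part of the original thread: a per-directory SSLCipherSuite with TLS 1.3 switched off, plus an access log that records the cipher in use when the response is sent. The host name, file paths, log name, the /restricted path and the two cipher names are placeholders chosen for illustration.

```apache
<VirtualHost *:443>
    # Placeholder host name and key material paths (assumptions)
    ServerName www.example.test
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # TLS 1.3 has no renegotiation, so restrict the test to TLS 1.2
    SSLProtocol -all +TLSv1.2

    # Server-wide list: used for the first handshake, before any
    # request (and therefore any <If>, <Location> or <Directory>) is seen
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder on

    # Per-directory context: per the manual text quoted above, this
    # forces a renegotiation after the request was read and before the
    # response is sent
    <Location "/restricted">
        SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384
    </Location>

    # Log protocol and cipher as they stand at logging time, so the
    # final cipher can be compared between / and /restricted
    CustomLog logs/ssl_cipher.log "%h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s"
</VirtualHost>
```

With a client that offers both ciphers, a request for / and a request for /restricted should show different values in the %{SSL_CIPHER}x column if renegotiation took place.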
