If I define SSLCipherSuite DEFAULT will apache show the ciphers that are defined by openSSL and will be used? Is this the best way to go, or should I specifically list TLSv1.2 and TLS1.3? The complete list of ciphers that openssl supports numbers 60 and still includes some 14 TLSv1 ciphers like PSK-AES128-CBC-SHA256, among others. Trying to search on recommendations comes up with a lot of "use these settings to allow IE 6.0" which is of literally no. interest to me at all. This is what I am looking at using: Protocols h2 h2c http/1.1 SSLCipherSuite DEFAULT SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3 But I may relent on TLSv1/1.1 after checking logs. I think that if I set SSLCipherSuite DEFAULT and SSLProtocol to not allow the older TLS and SSL that will provide ciphers and security that are supported by current browsers and if I allow TLSv1 it should support old browsers going back more than a decade, yes? -- You know what they say about paradigms: Shift happens. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|