Hello,

We would like to configure our SSL virtual host to use the AES128-SHA algorithm to encrypt the data channel, and we would like to stick to the 128-bit version, not the AES256-SHA one.

We made several tests, and even though we managed to stick to AESxxx-SHA, if the browser can do AES256-SHA, it chooses this protocol.

Indeed, in Firefox, in the about:config page, filtering on 'ssl', we have all the protocols supported by Firefox. I disable AES256-SHA, so the algorithm used is AES128-SHA (fine); if we disable AES128-SHA, the algorithm used is AES256-SHA (normal); if we disable both, the browser refuses the connection because no algorithm matches between server and client (fine); but if we enable both algorithms, it always uses the AES256-SHA algorithm, whatever we configure on the server side.

Could someone help us make a configuration which only enables the AES128-SHA algorithm on the server side? We are in France, and the legislation only authorized us to have 128 encryption keys.

Here is the configuration used to test the behavior of paragraph 3:

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite "AES128-SHA"
SSLCertificateFile conf/ssl/private.crt
SSLCertificateKeyFile conf/ssl/private.key
SSLCertificateChainFile conf/ssl/ca.crt
SSLCACertificateFile conf/ssl/ca.crt

Thanks in advance.

Best regards,
Denis Sacchet

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
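A server-side check that does not depend on the browser, as an added example that is not part of the original post: it reads the SSLCipherSuite value from the posted directives and asks OpenSSL, through Python's ssl module, which suites that string enables and whether any exceed 128 bits. It assumes the OpenSSL build linked into Python expands cipher strings the same way as the one used by httpd; the function names are hypothetical.

```python
import shlex
import ssl

# Directives copied from the post above (certificate lines omitted).
POSTED_CONF = '''
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite "AES128-SHA"
'''

def cipher_string_from_vhost(conf_text):
    """Return the value of the last SSLCipherSuite directive, or None."""
    value = None
    for line in conf_text.splitlines():
        parts = shlex.split(line, comments=True)
        # httpd directive names are case-insensitive; the last token
        # on the line is the cipher specification.
        if len(parts) >= 2 and parts[0].lower() == "sslciphersuite":
            value = parts[-1]
    return value

def enabled_suites(cipher_string):
    """Expand an OpenSSL cipher string into the suites it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string matched no suite at all
    # TLS 1.3 suites are not governed by this cipher string in current
    # OpenSSL, so they are left out of the comparison.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def suites_over_limit(cipher_string, max_bits=128):
    """Names of enabled suites whose key strength exceeds max_bits."""
    return sorted(c["name"] for c in enabled_suites(cipher_string)
                  if c["strength_bits"] > max_bits)

if __name__ == "__main__":
    posted = cipher_string_from_vhost(POSTED_CONF)
    for spec in (posted, "AES128-SHA:AES256-SHA"):
        names = [c["name"] for c in enabled_suites(spec)]
        print(spec, "->", names, "| over 128 bits:", suites_over_limit(spec))
```

If the posted string expands to AES128-SHA alone here, the next place to look is whether the virtual host answering the connection is the one carrying that directive.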