Can someone tell me if the SSLCipherSuite directive has any known issues with not fully adhering to what it is given? I've been trying to make a server pci compliant by disabling all weak SSL ciphers and whatever I try is not disabling the export grade ciphers. I'm using: SSLCipherSuite HIGH:MEDIUM yet even after doing that, these six continue to work fine when I test them: EDH-RSA-DES-CBC-SHA 56 bit DES-CBC-SHA 56 bit EXP-EDH-RSA-DES-CBC-SHA 40 bit EXP-DES-CBC-SHA 40 bit EXP-RC2-CBC-MD5 40 bit EXP-RC4-MD5 40 bit I've altered my directive to have !EXP and even to have each of those six ciphers above explicitly excluded yet they remain enabled. Thanks, David --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|