Not quite sure what you want to achieve even though the question is semi-clear. If your real intention is to disallow SSLv2 (which you should in this day and age) and only support SSLv3 and above, you could do this SSLProtocol -ALL +SSLv3 +TLSv1 then follow by ciphers suite e.g. SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM On Tue, Aug 18, 2009 at 7:41 AM, Eric Covener<covener@xxxxxxxxx> wrote: > On Tue, Aug 18, 2009 at 10:36 AM, > Capstone<capstone@xxxxxxxxxxxxxxxxxxxxxx> wrote: >> I may not have been clear on my question so I am reposting, hopefully in a >> more clear manner,... I apologize if this is bad practice. >> >> I would like clarification as to whether the SSLProtocol directive is >> absolutely necessary when trying to achieve the highest level of security >> when configuring Apache. >> >> Can the SSLCipherSuite directive overwrite what is designated in the >> SSLProtocol directive? >> >> For example: >> >> SSLProtocol SSLv2 >> >> SSLCipherSuite TLSv1:SSLv3:+HIGH:+MEDIUM:!LOW:!NULL > > Try it and see? > > -- > Eric Covener > covener@xxxxxxxxx > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|