François Beaune wrote:[snip]
Hello,
I have a setup where Apache 2.2.3 is serving a large SVN repository with WebDAV over HTTPS (using basic authentication).
Everything is working correctly; I would simply like to force usage of faster cipher algorithms (trading some security in favor of speed) than what seems to be allowed right now (for instance, AES 256 is used when I connect with Firefox).
I noticed that your VirtualHost container doesn't actually contain the SSLCipherSuite directive. Are you defining that somewhere else, such as in the global config scope? Double check to make sure that it's being defined globally as opposed to being wrapped inside another container object.
As an experiment, I have tried that (at the virtual host level):
SSLProtocol all -SSLv2
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:+RC4+RSA:!HIGH:!LOW:!EXP:!NULL
Also, you can use this script to check which ciphers are supported by your site.
http://www.lazorsoftware.com/lazorsoft/files/openssl_check.sh
--
Justin Pasher
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|