----- "Gabriele Paggi" <gabriele.paggi@xxxxxxxxxxxxxx> wrote: > Hello, > > This is my first mail here and I've been suggested to write here after > > posting on alt.comp.apache.configuration. > > I'm trying to limit the amount of ciphers used by mod_ssl and I'm > running: > - Apache 2.2.3 > - mod_ssl-2.2.3-22 > - OpenSSL 0.9.8e-fips-rhel5 > on RHEL 5.3. > > My server-wide mod_ssl cipher suite configuration line is: > SSLCipherSuite ALL:!ADH:!EXP-DES-CBC-SHA:!EXP:!SSLv2:RC4+RSA:+HIGH: > +MEDIUM:!LOW > I don't have per-vhost mod_ssl configuration that could override it. > > For this SSLCipherSuite list, the following ciphers should be > accepted: > [root@t]# openssl ciphers -v 'ALL:!ADH:!EXP-DES-CBC-SHA:!EXP:! > SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW' First off: try some HIGH settings, like: openssl ciphers -v 'RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5' Does it change sslscan's output? second: Are you restarting the server? i -- Igor GaliÄ Tel: +43 (0) 664 886 22 883 Mail: i.galic@xxxxxxxxxxxxxx URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx