So in general, I would have to build apache before I could use null ciphers?

On 12/02/2015 11:06 AM, Wall, Stephen wrote:
>> Encryption in https/apache is handled by mod_ssl. Does that mean,
>> since there are NULL ciphers I can just use them in apache/mod_ssl by
>> just changing a setting like:
>>
>> SSLCipherSuite eNULL
>>
>> in httpd.conf?
>
> No. mod_ssl modifies the ciphers you specify by appending ':!aNULL:!eNULL:!EXP' in recent versions, or by prepending '!aNULL:!eNULL:!EXP:' in older versions. There were some releases where it was possible to specify ciphers as
>
> SSLOpenSSLConfCMD CipherString "eNULL"
>
> and the ciphers you listed were not modified, but that has since been changed. If you are not lucky enough to be using a version of apache that is in that window, you will need to obtain the apache source, modify mod_ssl, and build a custom version. Be aware of potential license issues with doing this if it is for a deliverable.
>
> -spw
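
Added example, not part of the thread and not mod_ssl code: a Python configuration audit for the behaviour described in the quoted reply, listing the cipher directives in an httpd.conf that request aNULL, eNULL or EXP ciphers without a `!` exclusion. The function names, the sample configuration and the simplified reading of OpenSSL's cipher-string syntax are assumptions made for this example.

```python
import re

# Classes removed by the exclusions quoted in the reply ('!aNULL:!eNULL:!EXP').
# NULL and EXPORT are OpenSSL aliases for eNULL and EXP.
WEAK = {"aNULL": "aNULL", "eNULL": "eNULL", "NULL": "eNULL",
        "EXP": "EXP", "EXPORT": "EXP"}
# Apache directive names are case-insensitive.
DIRECTIVE = re.compile(
    r"^\s*(SSLCipherSuite|SSLOpenSSLConfCmd\s+CipherString)\s+(.+?)\s*$", re.I)

def weak_classes(cipher_string):
    """Weak classes a cipher string requests and never excludes with '!'.

    Simplified reading of the syntax (an assumption of this example): '!X'
    deletes X for good wherever it appears; '-X' is ignored, so a later
    '-X' does not clear a finding.
    """
    wanted, killed = set(), set()
    for token in re.split(r"[:, ]+", cipher_string.strip("\"'")):
        parts = token.lstrip("!-+").split("+")
        hits = {WEAK[p] for p in parts if p in WEAK}
        if token.startswith("!"):
            if len(parts) == 1:          # '!A+B' only removes the overlap
                killed |= hits
        elif not token.startswith("-"):
            wanted |= hits
    return wanted - killed

def audit(conf_text):
    """Return (line_no, directive, weak_classes) for each flagged directive."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m and (weak := weak_classes(m.group(2))):
            name = " ".join(m.group(1).split())
            findings.append((line_no, name, sorted(weak)))
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# SSLCipherSuite aNULL
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCipherSuite eNULL
SSLOpenSSLConfCMD CipherString "eNULL"
SSLOpenSSLConfCmd CipherString "HIGH:EXP:!aNULL"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Going by the reply, a finding on an `SSLCipherSuite` line is cancelled by mod_ssl versions that add the exclusions, while a finding on an `SSLOpenSSLConfCmd CipherString` line matters on the releases where the string was passed through unmodified.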