explicitly including other ciphers.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> What about openssl?  (little confused here)..  I would expect openssl
> being the one that needs to be rebuild, not apache.

As Viktor previously stated, openssl has the NULL ciphers built in by default.  Your reply to Rich seemed to confirm that your version of openssl does include them:

>>>> but if I do a: openssl ciphers -v "ALL:eNULL" | grep eNULL
>>>> I don't see anything.
>>> Look for NULL, not eNULL.  Or "Enc=None"
>> thanks!  that seemed to work,

You further asked:

>> does that means, since there are NULL ciphers I can just use them in apache/mod_ssl by just changing a setting like:
>>
>> SSLCipherSuite eNULL
>>
>> in httpd.conf?

To which I responded "No".  If mod_ssl were passing the SSLCipherSuite value straight through to openssl, the answer would have been yes.  Unfortunately for you, mod_ssl manipulates the value of SSLCipherSuite to prevent NULL and export ciphers from being used.  You need to rebuild Apache without that manipulation to use any NULL ciphers.


-spw


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux