httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aparna Puram <>
Subject Re: [users@httpd] SSL cipher suite modification
Date Fri, 09 Dec 2011 09:25:35 GMT
Hello Igor/Matus,

Issue is resolved for now after adding the cipher that our client support.

Resolution  : They have given the list of ciphers that they support. I have
tried using once of the cipher(DES-CBC-SHA) that they said they support.
But with this they were unable to connect.

Then I have used the follwoing command to get the protocol and cipher that
they have used.

/opt/csw/bin/openssl s_client -connect clinethostname:443 -debug

Then it gave me the protocol that they have used.

    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA

I have added this protocol and cipher to my sslciphersuite. It has enabled
them to connect to our webserver.

I have suggested my clinets to upgrade their applications to support SSLv3
and higher protocols.

Thanks a lot Igor, Your input has helped me a lot...:)

On Thu, Dec 8, 2011 at 7:39 PM, Matus UHLAR - fantomas <>wrote:

> On 08.12.11 00:38, aparna Puram wrote:
>> I understand from your mail that the following 2 cipher suites will work
>> with the existing and the new clinet configurations.
>> Kindly correct me if I m wrong.
>> However the first cipher suite contains MD5, which is not preferable due
>> to
>> security reasons.
> you disallow md5 due to security reasons, but allow null,export and low
> ciphers? :-)
> I use DEFAULT:!EXP:!LOW and I hope that's enough. you can excloude MD5
> from those but I'd like to see your "security" reasons, due to paragraph
> above.
> --
> Matus UHLAR - fantomas, ;
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Linux is like a teepee: no Windows, no Gates and an apache inside...
> ------------------------------**------------------------------**---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:**userslist.html<>>
> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.**<>
>  "   from the digest: users-digest-unsubscribe@**<>
> For additional commands, e-mail:

View raw message