httpd-users mailing list archives

From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: [users@httpd] Unable to set ciphers string with space separated in apache
Date Thu, 06 Sep 2018 15:01:21 GMT
On Wed, Sep 5, 2018 at 10:11 PM, alchemist vk <alchemist.vk@gmail.com>
wrote:

> Hi William,
>   Sorry for late response.. I appreciate your response.
>   Small clarification: You meant to say,  with space as delimiter, httpd
> parses will consider  space separated tokens as each individual httpd
> directives?
>

The syntax of SSL_CMD_ALL(CipherSuite, TAKE1, ...) states that only a
single token is permitted (confirmed in 2.4.current).

It will consider each token an individual argument, and only one is
permitted. Placing the space-separated tokens within double quotes causes
httpd to treat it as a single argument to SSLCipherSuite. It still may not
work, we only "support" colon-separated lists, as documented, but pass the
string given, and the rest is up to OpenSSL.


> On Mon, Aug 27, 2018 at 7:03 PM, William A Rowe Jr <wrowe@rowe-clan.net>
> wrote:
>
>> A good argument for following httpd documented convention.
>>
>> If you want to continue exploring, you would want to quote the cipher
>> string, since httpd would take apart unquoted, space-separated tokens as
>> different httpd directive arguments, and you surely don't want that.
>>
>> On Sat, Aug 25, 2018, 20:05 alchemist vk <alchemist.vk@gmail.com> wrote:
>>
>>> Hi All,
>>>
>>>   openssl standard says " The cipher list consists of one or more *cipher
>>> strings* separated by colons. Commas or spaces are also acceptable
>>> separators but colons are normally used".  But apache says "directive
>>> uses a *colon-separated* *cipher-spec* string consisting of OpenSSL
>>> cipher specifications to configure the Cipher Suite the client is permitted
>>> to negotiate in the SSL handshake phase" in
>>> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html.
>>>
>>>
>>> So, when I configured apache by separating cipher string with spaces,
>>> cipher string has no effect.  But when cipher string is configured with
>>> colons, cipher string has effect.
>>>
>>>
>>> So, please provide clarification, is there any limitation why we can’t
>>> configure cipher string by using space as delimiter in apache.
>>>
>>>
>>> PS: I am using 2.4 apache version in Linux OS.
>>>
>>> With Regards,
>>> Venkatesh
>>>
>>
>
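
A configuration check for the behaviour discussed in this thread, added here as an example and not code from the httpd project or from the posters: it flags `SSLCipherSuite` lines that carry more than one argument (unquoted spaces) or a quoted value using spaces or commas instead of the documented colons. It models the single-argument rule stated in the reply; `shlex` stands in for httpd's argument splitting, and the sample configuration and function names are constructed for illustration.

```python
import shlex

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = '''\
SSLEngine on
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384"
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
# SSLCipherSuite HIGH MEDIUM
'''


def split_args(line):
    """Split a directive line into arguments: whitespace separates them and
    quotes group them. Assumption: shlex approximates httpd's own parser."""
    return shlex.split(line, comments=False, posix=True)


def check_cipher_directives(conf_text):
    """Return (line_number, problem) pairs for SSLCipherSuite lines that do
    not follow the documented single, colon-separated argument form."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        try:
            tokens = split_args(line)
        except ValueError:  # unbalanced quote
            findings.append((lineno, "unparsable"))
            continue
        if tokens[0].lower() != "sslciphersuite":
            continue  # directive names are case-insensitive
        args = tokens[1:]
        if len(args) != 1:
            # Unquoted spaces: each token becomes a separate argument.
            findings.append((lineno, "arg-count"))
        elif any(sep in args[0] for sep in " \t,"):
            # One argument, but the separators are left for OpenSSL to
            # interpret rather than the documented colon form.
            findings.append((lineno, "non-colon-separator"))
    return findings


if __name__ == "__main__":
    for lineno, problem in check_cipher_directives(SAMPLE_CONF):
        print(f"line {lineno}: {problem}")
```
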
