httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Smith <...@sanger.ac.uk>
Subject RE: [users@httpd] Questions to SSLciphersuite [EXT]
Date Fri, 27 Nov 2020 23:30:38 GMT
To be honest from a security point of view - you shouldn't be doing this.... if the client
can't talk to your server you need to look for a new client? Assuming from what you say this
is just a monitoring tool.

We have switched off TLS v1.0 and v1.1 as all the browsers which we consider secure support
these protocols.

We have also dropped support for many of the "insecure" Key ex algorithms and cipher strengths.

We may lose a few visitors - but at least our servers and requests are considered secure.




-----Original Message-----
From: Lentes, Bernd <bernd.lentes@helmholtz-muenchen.de> 
Sent: 27 November 2020 16:25
To: users Maillingsliste Apache <users@httpd.apache.org>
Subject: Re: [users@httpd] Questions to SSLciphersuite [EXT]


----- On Nov 27, 2020, at 4:58 PM, Stefan Eissing stefan.eissing@greenbytes.de wrote:


> If your client cannot connect, maybe it is old and wants to talk SSLv3 
> which is no longer supported?
> 
Hi Stefan,

thanks for your answer.
That's what i assume. Isn't it possible to adapt the cipher-suite that the client can talk
to the server ?
I tried "SSLCipherSuite SSLv3:+TLSv1", but client still complains.

Bernd
Helmholtz Zentrum M√ľnchen

Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH) Ingolstaedter Landstr. 1
85764 Neuherberg
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.helmholtz-2Dmuenchen.de&d=DwICaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=qeXuar_R9BDFNQu_nNx4qx0JhdIKKdtsLgteuLKW6Pk&s=mMWdwX0jWqgdvrXZ7v6jJ3T6ZLf04Nu4bG6XRxuas0w&e=
Aufsichtsratsvorsitzende: MinDir.in Prof. Dr. Veronika von Messling
Geschaeftsfuehrung: Prof. Dr. med. Dr. h.c. Matthias Tschoep, Kerstin Guenther
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




-- 
 The Wellcome Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE.
Mime
View raw message