Re: [us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

On Thu, Dec 17, 2009 at 6:21 PM, Justin Pasher wrote: > François Beaune wrote: [snip] > I'm still getting the same list, even if I use the SSLCipherSuite you >> suggested, so it's clearly not used. >> >> On my side (in my subdomain's configuration), I only have one >> SSLCipherSuite occurrence

Re: [us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

François Beaune wrote: On Wed, Dec 16, 2009 at 7:00 PM, Justin Pasher mailto:just...@newmediagateway.com>> wrote: [snip] Here is the SSLCipherSuite directive that I use on my servers to lock out insecure ciphers: SSLCipherSuite AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5

Re: [us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

On Wed, Dec 16, 2009 at 7:00 PM, Justin Pasher wrote: [snip] Here is the SSLCipherSuite directive that I use on my servers to lock out > insecure ciphers: > > SSLCipherSuite AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5 > > Try setting your config to this value. Obviously this is different t

Re: [us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

François Beaune wrote: Sorry, I had overlooked your suggestion. Here's the output of the script: $ ./openssl_check.sh svn.mydomain.net Checking svn.mydomain.net:443 ... + EXP1024-RC4-SHA at Server public key is 2048 bit + EXP1024-DES-C

Re: [us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

On Wed, Dec 16, 2009 at 5:03 PM, Justin Pasher wrote: > François Beaune wrote: > >> Hey Justin, >> >> Thanks for your answer. I did add the various versions of the >> SSLCipherSuite directive to my virtual host container, sorry if that wasn't >> clear. >> >> In the meantime I found that, by inspe

Re: [us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

François Beaune wrote: Hey Justin, Thanks for your answer. I did add the various versions of the SSLCipherSuite directive to my virtual host container, sorry if that wasn't clear. In the meantime I found that, by inspecting the handshake between TortoiseSVN and Apache, the connection does

Re: [us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

Hey Justin, Thanks for your answer. I did add the various versions of the SSLCipherSuite directive to my virtual host container, sorry if that wasn't clear. In the meantime I found that, by inspecting the handshake between TortoiseSVN and Apache, the connection does use RC4, which is good. Stil

Re: [us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

François Beaune wrote: Hello, I have a setup where Apache 2.2.3 is serving a large SVN repository with WebDAV over HTTPS (using basic authentication). Everything is working correctly; I would simply like to force usage of faster cipher algorithms (trading some security in favor of speed) t

[us...@httpd] Using SSLCipherSuite to restrict to faster cipher algorithms

Hello, I have a setup where Apache 2.2.3 is serving a large SVN repository with WebDAV over HTTPS (using basic authentication). Everything is working correctly; I would simply like to force usage of faster cipher algorithms (trading some security in favor of speed) than what seems to be allowed