[openssl-users] explicitly including other ciphers.

Wall, Stephen swall at redcom.com
Wed Dec 2 18:06:50 UTC 2015


> Encryption in https/apache is handled by mod_ssl.  does that means,
> since there are NULL ciphers I can just use them in apache/mod_ssl by
> just changing a setting like:
> 
> SSLCipherSuite eNULL
> 
> in httpd.conf?

No.  mod_ssl modifiers the ciphers you specify by appending ':!aNULL:!eNULL:!EXP' in recent versions, or by prepending '!aNULL:!eNULL:!EXP:' in older versions.  There were some releases where it was possible to specify ciphers as

SSLOpenSSLConfCMD CipherString "eNULL"

and the ciphers you listed were not modified, but that has since been changed.  If you are not lucky enough to be using a version of apache that is in that window, you will need to obtain the apache source, modify mod_ssl, and build a custom version.  Be aware of potential license issues with doing this if it is for a deliverable.

-spw


More information about the openssl-users mailing list