[openssl-users] explicitly including other ciphers.

Ron Croonenberg ronc at lanl.gov
Thu Dec 3 18:13:22 UTC 2015

So in general, I would have to build apache before I could use null ciphers?

On 12/02/2015 11:06 AM, Wall, Stephen wrote:
>> Encryption in https/apache is handled by mod_ssl.  does that means,
>> since there are NULL ciphers I can just use them in apache/mod_ssl by
>> just changing a setting like:
>> SSLCipherSuite eNULL
>> in httpd.conf?
> No.  mod_ssl modifiers the ciphers you specify by appending ':!aNULL:!eNULL:!EXP' in recent versions, or by prepending '!aNULL:!eNULL:!EXP:' in older versions.  There were some releases where it was possible to specify ciphers as
> SSLOpenSSLConfCMD CipherString "eNULL"
> and the ciphers you listed were not modified, but that has since been changed.  If you are not lucky enough to be using a version of apache that is in that window, you will need to obtain the apache source, modify mod_ssl, and build a custom version.  Be aware of potential license issues with doing this if it is for a deliverable.
> -spw
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list