[openssl-users] explicitly including other ciphers.
Ron Croonenberg
ronc at lanl.gov
Thu Dec 3 18:13:22 UTC 2015
So in general, I would have to build apache before I could use null ciphers?
On 12/02/2015 11:06 AM, Wall, Stephen wrote:
>> Encryption in https/apache is handled by mod_ssl. does that means,
>> since there are NULL ciphers I can just use them in apache/mod_ssl by
>> just changing a setting like:
>>
>> SSLCipherSuite eNULL
>>
>> in httpd.conf?
>
> No. mod_ssl modifiers the ciphers you specify by appending ':!aNULL:!eNULL:!EXP' in recent versions, or by prepending '!aNULL:!eNULL:!EXP:' in older versions. There were some releases where it was possible to specify ciphers as
>
> SSLOpenSSLConfCMD CipherString "eNULL"
>
> and the ciphers you listed were not modified, but that has since been changed. If you are not lucky enough to be using a version of apache that is in that window, you will need to obtain the apache source, modify mod_ssl, and build a custom version. Be aware of potential license issues with doing this if it is for a deliverable.
>
> -spw
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
More information about the openssl-users
mailing list