[TriLUG] TLSv1 from Apache + mod_ssl?
Brian Henning
Brian.Henning at datadirect.com
Fri Aug 7 09:39:13 EDT 2009
Hi Greg / Everyone,
I should've included my SSLCipherSuite in the original message. It is
currently:
SSLCipherSuite RC4:-DH:-KRB5:-EXP
...resulting in the following:
$ openssl ciphers -v RC4:-DH:-KRB5:-EXP
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
I do notice that they all say SSLv3 or v2; no TLSv1. But even if I do
this:
$ openssl ciphers -v TLSv1
...the entire list shows SSLv3 in that column, including the two v3 from
above.
Is that why I'm not able to get a TLSv1 connection working?
Thanks!
~Brian
-----Original Message-----
From: Greg Cox [mailto:glcox at pobox.com]
Sent: Thursday, August 06, 2009 1:43 PM
To: Brian Henning
Subject: Re: [TriLUG] TLSv1 from Apache + mod_ssl?
> 2) How do I get Apache to talk in TLSv1? Here's my SSLProtocol
> directive:
>
> SSLProtocol -all +SSLv3 +TLSv1
Add
SSLCipherSuite HIGH:MEDIUM
and see if it helps. Good practice anyway.
More information about the TriLUG
mailing list