Filter
Top Products
Appendix B SSL Configuration Directives for Apache Web Servers 145
Using the plus (+) or minus (-) signs, protocols can be added or removed. For
example, to disable support for SSLv2, the following directive could be used:
The preceding statement is equivalent to:
4. SSLCipherSuite cipher-spec
Context: Global, virtual host, directory, .htaccess
The SSLCipherSuite directive is used to configure which SSL ciphers are available
for use and their preference. In global context or virtual host context, directive is
used during the initial SSL handshake. In per-directory context, it forces an SSL
renegotiation to use the named ciphers. The renegotation takes place after the
request is read, but before the response is sent.
The cipher-spec is a colon-delimited list of the ciphers described in
TABLE B-2.In
TABLE B-2, DH refers to Diffie-Hellman and DSS refers to the Digital Signature
Standard.
SSLProtocol all -SSLv2
SSLProtocol +SSLv3 +TLSv1
TABLE B-2 Available SSL Ciphers
Cipher-Tag Protocol Key Exchange Auth. Encryption MAC Type
DES-CBC3-SHA SSLv3 RSA RSA 3DES (168-bit) SHA1
DES-CBC3-MD5 SSLv2 RSA RSA 3DES (168-bit) MD5
RC4-SHA SSLv3 RSA RSA ARCFOUR (128-bit) SHA1
RC4-MD5 SSLv3 RSA RSA ARCFOUR (128-bit) MD5
RC4-MD5 SSLv2 RSA RSA ARCFOUR (128-bit) MD5
RC2-CBC-MD5 SSLv2 RSA RSA ARCTWO (128-bit)
DES-CBC-SHA SSLv3 RSA RSA DES (56-bit) SHA1
RC4-64-MD5 SSLv2 RSA RSA ARCFOUR (64-bit) MD5
DES-CBC-MD5 SSLv2 RSA RSA DES (56-bit) MD5
EXP-DES-CBC-SHA SSLv3 RSA (512 bit) RSA DES (40-bit) SHA1 export
EXP-RC2-CBC-MD5 SSLv2 RSA (512 bit) RSA ARCTWO (40-bit) SHA1 export
EXP-RC2-CBC-MD5 SSLv3 RSA (512 bit) RSA ARCTWO (40-bit) SHA1 export
EXP-RC4-MD5 SSLv3 RSA (512 bit) RSA ARCFOUR (40-bit) MD5 export