Filter
Top Products
Appendix B SSL Configuration Directives for Apache Web Servers 147
The preference of ciphers can be configured using the special characters listed and
described in
TABLE B-4.
The default value of cipher-spec is
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
The default configures all ciphers except anonymous (unauthenticated) Diffie-
Hellman, giving preference to ARCFOUR and RSA, and then higher grades of
encryption over the lower grades.
5. SSLCertificateFile file
Context: Global, virtual host
This directive specifies the location of the PEM-encoded X.509 certificate file for
this server.
6. SSLCertificateKeyFile file
Context: Global, virtual host
This directive specifies the location of the PEM-encoded private key file for this
server, corresponding to the certificate configured with the
SSLCertificateFile directive.
7. SSLCertificateChainFile file
Context: Global, virtual host
This directive specifies the location of a file containing the PEM-encoded
certificates making up the certification path of the server. You can use the
directive to assist clients in verifying the server's certificate when the server's
certificate is not directly signed by an authority that the client recognizes.
ADH All ciphers using anonymous Diffie-Hellman key exchange
DSS All ciphers using DSS authentication
NULL All ciphers using no encryption
TABLE B-4 Special Characters to Configure Cipher Preference
Character Description
<none> Add cipher to list
! Remove a cipher from the list entirely—it cannot be added again
+ Add cipher to list, and pull to current location (possibly demoting it)
- Remove cipher from list (can be added later in list)
TABLE B-3 SSL Aliases (Continued)
Alias Description