Yann Ylavic"
> An: users@httpd.apache.org
> Betreff: Re: Re: [users@httpd] Set SSLCipherSuite dependent on client IP
>
> On Wed, Feb 24, 2021 at 6:01 PM Hildegard Meier wrote:
> >
> > I thought about something like that as cause, but since the client IP is
> >
ation.
Gesendet: Donnerstag, 25. Februar 2021 um 13:55 Uhr
Von: "Brian Wolfe"
An: users@httpd.apache.org
Betreff: Re: Re: [users@httpd] Set SSLCipherSuite dependent on client IP
The question is if the "If/Else" block is being evaluated. I suspect it is, but the selected CipherSui
The question is if the "If/Else" block is being evaluated. I suspect it is,
but the selected CipherSuites are not available and therefore the global
setting is used to negotiate.
On Thu, Feb 25, 2021 at 7:50 AM Yann Ylavic wrote:
> On Thu, Feb 25, 2021 at 1:44 PM Brian Wolfe
> wrote:
> >
> > Ar
On Thu, Feb 25, 2021 at 1:44 PM Brian Wolfe wrote:
>
> Are you sure that you have any MD5 ciphers enabled.
Wrong thread?
Regards;
Yann.
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mai
Are you sure that you have any MD5 ciphers enabled. Most of them are
disabled nowadays. For example on my OSX I only have 1 MD5 available:
:~ $ openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256)
Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=E
On Wed, Feb 24, 2021 at 6:01 PM Hildegard Meier wrote:
>
> I thought about something like that as cause, but since the client IP is
> known from the very first start of the request, before TLS handshake, I
> thought it could be evaluated.
Yes but to determine the context from which the takes p
On Wed, Feb 24, 2021 at 6:01 PM Hildegard Meier wrote:
[...]
> Could it be possible another way to give clients of a specific vHost
> different SSLCipherSuite's depending on their IP address? (cipher of first
> handshake, no renegotiation)
You can work around this by setting up a separate vhost
tpd.apache.org
> Betreff: Re: [users@httpd] Set SSLCipherSuite dependent on client IP
>
> > Why does this not work?
>
> is evaluated early in request processing, long after the
> handshake. However, the manual says:
> In per-directory context it forces a SSL renegotiation wit
> Why does this not work?
is evaluated early in request processing, long after the
handshake. However, the manual says:
In per-directory context it forces a SSL renegotiation with the
reconfigured Cipher Suite after the HTTP request was read but before
the HTTP response is sent.
I suggest testin
;Hildegard Meier"
> An: users@httpd.apache.org
> Betreff: [users@httpd] Set SSLCipherSuite dependent on client IP
>
> Hello,
>
> having Ubuntu 14 server with Apache 2.4.7
>
> I configured to have SSLCipherSuite dependent on the client IP address.
>
> But the If/Els
Hello,
having Ubuntu 14 server with Apache 2.4.7
I configured to have SSLCipherSuite dependent on the client IP address.
But the If/Else directive seems to be just silently ignored, only and always
the global default SSLCipherSuite value is in effect.
The SSLCipherSuite given in the If or Else
11 matches
Mail list logo
