I must have mistyped my config. Assuming a config such as the following <VirtualHost sslv3.example.com:443> SSLProtocol -All +SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2 ...
If I restart apache, and then try to test that (the --insecure is for a self-signed cert): $ curl https://sslv3.example.com --insecure --tlsv1.0 <html><body><h1>It works!</h1></body></html> Shouldn't it fail and not negotiate that? Thanks, Karl ---------------------------------------- > Date: Tue, 16 Jun 2015 11:17:22 +0200 > From: sarkofag...@gmail.com > To: users@httpd.apache.org > Subject: Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite > > Hi, > > Have you tested with the "+"? > > from docs : > Syntax:SSLProtocol [+|-]protocol ... > > ex : > <VirtualHost www.example.com:443> > SSLProtocol +TLSv1.2 > ... > </VirtualHost> > <VirtualHost old.example.com:443> > SSLProtocol +SSLv3 > ... > </VirtualHost> > > > > On Tue, Jun 16, 2015 at 12:37 AM, karl karloff <karlkarl...@hotmail.com> > wrote: >> Is there a way in the current Apache (2.4.x or 2.2.x) to specify an >> SSLProtocol and SSLCipherSuite that affects only a singular VirtualHost? >> >> e.g. >> www.example.com requires modern encryption (i.e. TLSv1.2) >> old.example.com allows only deprecated Protocols/ciphers (e.g. SSLv3) >> >> I tried using something like >> >> <VirtualHost www.example.com:443> >> SSLProtocol TLSv1.2 >> ... >> </VirtualHost> >> <VirtualHost old.example.com:443> >> SSLProtocol SSLv3 >> ... >> </VirtualHost> >> >> however it seems that the SSLProtocol directive is not honored inside a >> VirtualHost section. >> >> Is there a way to configure this properly so that individual VirtualHosts >> honor only the specified protocols? Can the same method be used for >> SSLCipherSuite? >> >> Thanks, >> Karl >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
