Name
SSLCipherSuite
Synopsis
SSLCipherSuite cipher-spec
Default: SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
Server config, virtual host, directory, .htaccess
Override: AuthConfig
Apache v2 only
Unless the webmaster has reason to be paranoid about security, this directive can be ignored.
This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.
An SSL cipher specification in cipher-spec is composed of four major components plus a few extra minor ones. The tags for the key-exchange algorithm component, which includes RSA and Diffie-Hellman variants, are shown in Table 11-4.
| Tag | Description |
|-----|-------------|
| | RSA key exchange |
| | Diffie-Hellman key exchange with RSA key |
| | Diffie-Hellman key exchange with DSA key |
| | Ephemeral (temporary key) Diffie-Hellman key exchange (no certificate) |
The tags for the authentication algorithm component, which includes RSA, Diffie-Hellman, and DSS, are shown in Table 11-5.
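As an added illustration (not code from the book or from mod_ssl), the sketch below evaluates a cipher-spec against a small constructed suite table using OpenSSL's cipher-list operators: an unprefixed element appends, `!` removes permanently, `-` removes, a leading `+` moves already-enabled matches to the end, and `A+B` requires both tags. It shows that the default string only pushes weak suites to the end of the preference order rather than disabling them. The names `SUITES`, `evaluate`, `weak_enabled` and the `STRICT` value are assumptions made for this example.

```python
# Constructed sample: a small subset of OpenSSL suite names with the tags
# each one matches. A real OpenSSL build knows many more suites.
SUITES = [
    ("ADH-AES256-SHA",     {"ADH", "HIGH"}),
    ("DHE-RSA-AES256-SHA", {"RSA", "HIGH"}),
    ("AES256-SHA",         {"RSA", "HIGH"}),
    ("RC4-SHA",            {"RSA", "RC4", "MEDIUM"}),
    ("RC2-CBC-MD5",        {"RSA", "MEDIUM", "SSLv2"}),
    ("DES-CBC-SHA",        {"RSA", "LOW"}),
    ("EXP-RC4-MD5",        {"RSA", "RC4", "EXP"}),
]

def matches(tags, selector):
    """'A+B' inside an element means the suite must carry both tags."""
    return all(t == "ALL" or t in tags for t in selector.split("+"))

def evaluate(cipher_spec):
    """Return enabled suite names in preference order for a cipher-spec."""
    enabled, killed = [], set()
    for element in cipher_spec.split(":"):
        if not element:
            continue
        op = element[0] if element[0] in "!-+" else ""
        selector = element[len(op):]
        hits = [name for name, tags in SUITES if matches(tags, selector)]
        if op == "!":      # remove and forbid re-adding later
            killed.update(hits)
            enabled = [n for n in enabled if n not in hits]
        elif op == "-":    # remove, but a later element may re-add
            enabled = [n for n in enabled if n not in hits]
        elif op == "+":    # move already-enabled matches to the end
            moved = [n for n in enabled if n in hits]
            enabled = [n for n in enabled if n not in hits] + moved
        else:              # append matches that are not yet enabled
            enabled += [n for n in hits if n not in enabled and n not in killed]
    return enabled

def weak_enabled(cipher_spec, weak=("LOW", "EXP", "SSLv2", "ADH")):
    """Enabled suites that carry any tag from the weak set."""
    tags_of = dict(SUITES)
    return [n for n in evaluate(cipher_spec) if tags_of[n] & set(weak)]

DEFAULT = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
STRICT = "HIGH:!ADH:!SSLv2"  # constructed comparison value, not from the page

if __name__ == "__main__":
    for spec in (DEFAULT, STRICT):
        print(spec, "->", evaluate(spec), "weak:", weak_enabled(spec))
```

To see what a given cipher-spec expands to on a real server, `openssl ciphers -v 'cipher-spec'` lists the suites the installed OpenSSL actually selects.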