Name
SSLCipherSuite
Synopsis
SSLCipherSuite cipher_spec
[server config, within <VirtualHost> or <Directory>, or .htaccess]
This directive combines a number of cipher specifications to configure the Cipher Suite. The Cipher Suite is the set of methods or algorithms used by the server and client to establish secure communications. The cipher suite is negotiated during the handshake phase, just after a client sends an SSL request. The cipher_spec provided by this directive lists a set of methods that the server will support for a request. The client and server negotiate the most common and preferred methods in this list to use for transactions.
The cipher_spec is a rather complex string that requires at least one declaration for each of the following: a key exchange algorithm, an authentication algorithm, a cipher or encryption algorithm, and a MAC digest algorithm. You can additionally declare an export cipher. There are many different tags for specific ciphers that can be combined for the cipher spec. Certain alias tags have been defined to group ciphers into specific sets that comprise certain protocols and levels of security. Table 19-2 lists the alias tags.
Table 19-2. Cipher tag aliases

| Tag | Description |
|---|---|
| | All SSL 2.0 ciphers |
| | All SSL 3.0 ciphers |
| | All TLS 1.0 ciphers |
| | All export ciphers |
| | 40-bit export ciphers only |
| | 56-bit export ciphers only |
| | All low strength ciphers (no export, single DES) |
| | All ciphers with ... |
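
mod_ssl hands the cipher_spec to OpenSSL, so a candidate string can be expanded and reviewed with any OpenSSL-linked tool before it goes into the server config. The following is an added example, not code from the book: the function names and sample specs are assumptions, and the output reflects the OpenSSL build Python is linked against, which may differ from the server's.

```python
import ssl

def expand(cipher_spec):
    """Expand a cipher_spec with the local OpenSSL and split each suite into
    the four parts the text names: key exchange, authentication, cipher, MAC."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_spec)
    except ssl.SSLError:
        # Nothing in this OpenSSL build matches the spec, for example when
        # every tag names a cipher family the library no longer ships.
        return []
    rows = []
    # Note: TLS 1.3 suites are listed too; set_ciphers() cannot disable them.
    for c in ctx.get_ciphers():
        rows.append({
            "name": c["name"],
            "protocol": c["protocol"],
            "kex": c.get("kea"),
            "auth": c.get("auth"),
            "cipher": c.get("symmetric"),
            # AEAD suites have no separate MAC digest.
            "mac": "AEAD" if c.get("aead") else c.get("digest"),
            "bits": c["strength_bits"],
        })
    return rows

def weak_suites(cipher_spec, min_bits=128):
    """Names of suites a reviewer would reject: short keys, anonymous
    (unauthenticated) key exchange, or an MD5 MAC."""
    return [r["name"] for r in expand(cipher_spec)
            if r["bits"] < min_bits
            or r["auth"] == "auth-null"
            or r["mac"] == "md5"]

if __name__ == "__main__":
    # Constructed sample specs: a restrictive one and a permissive one.
    for spec in ("HIGH:!aNULL:!MD5", "ALL:!LOW"):
        rows = expand(spec)
        print(f"{spec}: {len(rows)} suites, weak: {weak_suites(spec) or 'none'}")
        for r in rows:
            print(f"  {r['name']:<32} {r['protocol']:<8} kex={r['kex']} "
                  f"auth={r['auth']} cipher={r['cipher']} mac={r['mac']} "
                  f"bits={r['bits']}")
```

An empty result means the spec selects nothing in the local library, which on a server would leave no suite to negotiate.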