ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.
One of a set of tools we're offering as a way to say thank you for being a part of the community.
COURSE of the MONTH
13 days, 11 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Cipher Configuration on Apache HTTPD
Posted on 2016-11-28
Hello Experts:
I need to configure Apache HTTPD to only take the following ciphers:
TLS_ECDHE_RSA_WITH_AES_256
TLS_RSA_WITH_AES_256_CBC_S
TLS_ECDHE_RSA_WITH_AES_128
TLS_RSA_WITH_AES_128_CBC_S
This is what I have in my ssl.conf configuration file:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite AES128+EECDH:AES128+EDH:!3
I am confused on how to translate the above ciphers into the proper Apache syntax.
Apache/2.2.15
CentOS release 6.5 (Final)
OpenSSL 1.0.1e-fips 11 Feb 2013
java version "1.7.0_45"
Thanks.
I need to configure Apache HTTPD to only take the following ciphers:
TLS_ECDHE_RSA_WITH_AES_256
TLS_RSA_WITH_AES_256_CBC_S
TLS_ECDHE_RSA_WITH_AES_128
TLS_RSA_WITH_AES_128_CBC_S
This is what I have in my ssl.conf configuration file:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite AES128+EECDH:AES128+EDH:!3
I am confused on how to translate the above ciphers into the proper Apache syntax.
Apache/2.2.15
CentOS release 6.5 (Final)
OpenSSL 1.0.1e-fips 11 Feb 2013
java version "1.7.0_45"
Thanks.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
4 Comments
Active today
Apache uses the format that OpenSSL uses. This page has a translation from the specification name to the OpenSSL equivalent: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html
So, in your case, the SSLCipherSuite line would look like:
So, in your case, the SSLCipherSuite line would look like:
SSLCipherSuite ECDHE-RSA-AES256-SHA:AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA
Active today
That looks very promising Phil. By any chance, can you help me understand what these other expressions mean:
(0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
(0x35)
(0x2f)
Thanks very much.
(0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
(0x35)
(0x2f)
Thanks very much.
Active today
ECDH refers to the encryption protocol (Elliptic curve Diffie–Hellman)
secp256r1 refers to the elliptic curve used by the cipher
FS indicates that the cipher supports Forward Secrecy
I'm not sure what (0xc014)/(0x35)/(0x2f) are, but I'm guessing it's a constant associated with the cipher.
secp256r1 refers to the elliptic curve used by the cipher
FS indicates that the cipher supports Forward Secrecy
I'm not sure what (0xc014)/(0x35)/(0x2f) are, but I'm guessing it's a constant associated with the cipher.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
INTRODUCTION
Working with files is a moderately common task in Java. For most projects hard coding the file names, using parameters in configuration files, or using command-line arguments is sufficient.
However, when your application has vi…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn about basic arrays, how to declare them, and how to use them.
Introduction and definition:
Declare an array and cover the syntax of declaring them:
Initialize every index in the created array:
Example/Features of a basic arr…
Suggested Courses
Course of the Month13 days, 11 hours left to enroll
801 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.