[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 55707] SSLProtocol directive seem to be ignored over different virtualhosts on the same ip+port


--- Comment #9 from Mike Haller <mike@xxxxxxxxxxxx> ---
Thanks for looking Stefan.

> Is there, in this setup, a way to successfully connect to the vhost?

The point of the patch is to prevent a successful connection to the vhost at
the TLS protocol layer. If that's not what you want and you instead wish to
produce a friendly error message for some versions, you can already configure
mod_ssl to accept all versions, and to publish the SSL_PROTOCOL env var, and
then use any number of ways (e.g. rewrite, setenvif) to produce an error page
if there is a version you do not wish to accept.

> ... the *server admin* gets an ERR/WARNING by a post config check in
> mod_ssl.

>From a user's perspective, they see behavior no different than if they attempt
to connect with a TLS version that is not specified in the default server's
SSLProtocol: a protocol version alert. Is the startup warning suggestion
because this patch changes the existing behavior that current configurations
will accept versions that are not allowed by a vhost's SSLProtocol?

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx