[Bug 55707] SSLProtocol directive seem to be ignored over different virtualhosts on the same ip+port


--- Comment #11 from Mike Haller <mike@xxxxxxxxxxxx> ---
> Is a client that speaks both TLSv1.2 and TLSv1.3 able to connect to vhost B
> at all?

Yes. Such a client could speak to both.

The case I am solving is this:

<vhost A>
  SSLProtocol +TLSV1 +TLSV1.1 +TLSV1.2
</vhost A>

<vhost B>
  SSLProtocol +TLSV1.2
</vhost B>

This configuration allows for vhost B to accept only the newest protocol
implemented in 2.4.33.

It will function as expected if you write "SSLProtocol +TLSV1.1" for vhost B.
However, I would not consider that a useful configuration because I think that
the concept "minimum TLS version needed to connect to this host" is more
likely than arbitrarily specifying versions. For example, PCI DSS (the credit
card security standard) is requiring that TLSv1 and TLSv1.1 can no longer be
used to connect after June 30, 2018, but allows for any newer protocols
TLSv1.2, TLSv1.3, etc.

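
A check for the configuration in the comment above, as an added example that is not part of the original comment or of httpd: it connects to one ip+port, selects each vhost by SNI, and reports any protocol older than that vhost's intended minimum that still completes a handshake. The script name, the address and vhost names passed to it, and the VHOST=MINIMUM argument format are assumptions for illustration.

```python
import socket
import ssl
import sys

# Protocol versions to probe, oldest first.
VERSIONS = [("TLSv1", ssl.TLSVersion.TLSv1), ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
            ("TLSv1.2", ssl.TLSVersion.TLSv1_2), ("TLSv1.3", ssl.TLSVersion.TLSv1_3)]


def probe(addr, port, sni, version, timeout=5.0):
    """True/False: did the vhost selected by SNI complete a handshake pinned to
    exactly `version`? None: the local OpenSSL build cannot offer that version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # only protocol negotiation is under test
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let new OpenSSL offer TLSv1/1.1
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=sni):
                return True
        except OSError:  # ssl.SSLError is an OSError: alerts, resets, EOF
            return False


def audit(addr, port, minimums, probe_fn=probe):
    """minimums maps vhost name -> intended minimum version name.
    Returns {vhost: [older versions that vhost still accepts]}.
    A probe result of None (not testable locally) is not reported."""
    names = [name for name, _ in VERSIONS]
    report = {}
    for vhost, minimum in minimums.items():
        too_old = VERSIONS[:names.index(minimum)]
        report[vhost] = [n for n, v in too_old if probe_fn(addr, port, vhost, v)]
    return report


if __name__ == "__main__":
    # Usage: probe.py ADDR PORT VHOST=MINIMUM [VHOST=MINIMUM ...]
    if len(sys.argv) < 4:
        sys.exit("usage: probe.py ADDR PORT VHOST=MINIMUM [VHOST=MINIMUM ...]")
    wanted = dict(pair.split("=", 1) for pair in sys.argv[3:])
    print(audit(sys.argv[1], int(sys.argv[2]), wanted))
```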