osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 60739] SSLProtocol settings seem to have no effect


https://bz.apache.org/bugzilla/show_bug.cgi?id=60739

--- Comment #21 from Aaron C <aaronjchamberlain@xxxxxxxxx> ---
While not relating to the discussion of certain SSLProtocol and SSLCipherSuite
combinations halting desired SSLProtocols, I did want to add that I had an
issue where Let's Encrypt was holding my desired changes back.

I was attempting to use the directive:
`SSLProtocols -all +TLSv1.1 +TLSv1.2` but TLSv1 was still being used. Due to
this bug report I noticed that one of my upper Virtual Hosts was indeed using a
cert from LE, and in that file they had a default of
SSLProtocol all -SSLv2 -SSLv3

If I could make a suggestion, it would be that we work towards getting more
explicit control over what SSLProtocol directives get inherited. It seems
strange that a file in a single Virtual Host reference would take precedence
over global directives in both my ssl.conf and httpd.conf files.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx