Re: [users@httpd] Unable to set ciphers string with space separated in apache


Thanks William for your valuable response. It helped a lot in understanding httpd parsing.
Really appreciate your time and knowledge. 

With Regards,
Venkatesh

On Thu, Sep 6, 2018 at 8:31 PM, William A Rowe Jr <wrowe@xxxxxxxxxxxxx> wrote:
On Wed, Sep 5, 2018 at 10:11 PM, alchemist vk <alchemist.vk@xxxxxxxxx> wrote:
Hi William,
  Sorry for the late response. I appreciate your response.
  Small clarification: You meant to say, with space as delimiter, httpd parsing will consider space-separated tokens as individual httpd directives?

The syntax of SSL_CMD_ALL(CipherSuite, TAKE1, ...) states that only a single token is permitted (confirmed in 2.4.current).

It will consider each token an individual argument, and only one is permitted. Placing the space-separated tokens within double quotes causes httpd to treat it as a single argument to SSLCipherSuite. It still may not work; we only "support" colon-separated lists, as documented, but pass the string given, and the rest is up to OpenSSL.
 
On Mon, Aug 27, 2018 at 7:03 PM, William A Rowe Jr <wrowe@xxxxxxxxxxxxx> wrote:
A good argument for following httpd documented convention.

If you want to continue exploring, you would want to quote the cipher string, since httpd would take apart unquoted, space-separated tokens as different httpd directive arguments, and you surely don't want that.

On Sat, Aug 25, 2018, 20:05 alchemist vk <alchemist.vk@xxxxxxxxx> wrote:

Hi All,

  The openssl standard says "The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators but colons are normally used".  But apache says "directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase" in https://httpd.apache.org/docs/2.4/mod/mod_ssl.html


So, when I configured apache by separating the cipher string with spaces, the cipher string has no effect.  But when the cipher string is configured with colons, the cipher string has effect.


So, please provide clarification, is there any limitation why we can’t configure cipher string by using space as delimiter in apache.


PS: I am using 2.4 apache version in Linux OS.


With Regards,
Venkatesh
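
Added example, not part of the thread and not httpd code: a small Python lint that flags SSLCipherSuite lines falling into the cases discussed above (unquoted spaces, quoted spaces, colon-separated). It assumes the single-argument syntax described in the thread and uses shlex as an approximation of httpd's whitespace and double-quote argument splitting; the names classify and lint and the sample configuration are constructed for illustration.

```python
import shlex

# Constructed sample configuration lines (not taken from the thread).
SAMPLE_CONF = '''\
# constructed sample
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCipherSuite HIGH !aNULL !MD5
SSLCipherSuite "HIGH !aNULL !MD5"
  sslciphersuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
'''

def classify(line):
    """Return None for unrelated lines, else (verdict, args) for SSLCipherSuite."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    try:
        # Assumption: shlex approximates httpd's whitespace/quote splitting.
        tokens = shlex.split(stripped, comments=False, posix=True)
    except ValueError:
        return ("unbalanced-quote", [])
    # Directive names are matched case-insensitively.
    if not tokens or tokens[0].lower() != "sslciphersuite":
        return None
    args = tokens[1:]
    if len(args) != 1:
        # Unquoted spaces turn one cipher list into several arguments.
        return ("wrong-arg-count", args)
    if any(ch.isspace() for ch in args[0]) or "," in args[0]:
        # A single argument, but not the documented colon-separated form;
        # the string is handed to OpenSSL as given.
        return ("undocumented-separator", args)
    return ("ok", args)

def lint(conf_text):
    """Return (line number, verdict, args) for every SSLCipherSuite line."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        result = classify(line)
        if result is not None:
            findings.append((lineno, result[0], result[1]))
    return findings

if __name__ == "__main__":
    for lineno, verdict, args in lint(SAMPLE_CONF):
        print(f"line {lineno}: {verdict}: {args}")
```

Backslash line continuations and Include files are not followed, so run it over each configuration file separately.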