Re: Apache gets SIGSEGV in ssl3_finish_mac()

[matthew sporleder <msporleder%gmail.com@localhost>]

On Sat, Nov 21, 2009 at 1:13 PM, Emmanuel Dreyfus <manu%netbsd.org@localhost> 
wrote:
> Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:
>
>> > What about the SSLCipherSuite parameter? What do you have?
>> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:
>> +MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>> (which is, I believe, the default value)
>
> You have exactly the same value I have. I believe I got it from Apache
> 1.3 installations. Apache 2.2 documentation says that the default is now
> ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
>
> ie: what we have, with EXPORT56 removed and eNULL not at the end. eNULL
> is no encoding. Does that mean the default setup allows cleartext SSL
> sessions???
>

NULL (I don't really know what eNULL means) have authentication but no
encryption.
(Enc=None)

fester$ openssl ciphers -v "NULL"

ECDHE-RSA-NULL-SHA      SSLv3 Kx=ECDH     Au=RSA  Enc=None      Mac=SHA1
ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH     Au=ECDSA Enc=None      Mac=SHA1
AECDH-NULL-SHA          SSLv3 Kx=ECDH     Au=None Enc=None      Mac=SHA1
ECDH-RSA-NULL-SHA       SSLv3 Kx=ECDH/RSA Au=ECDH Enc=None      Mac=SHA1
ECDH-ECDSA-NULL-SHA     SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=None      Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5