Re: Apache gets SIGSEGV in ssl3_finish_mac()

To: bouyer%antioche.eu.org@localhost (Manuel Bouyer)
Subject: Re: Apache gets SIGSEGV in ssl3_finish_mac()
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Sat, 21 Nov 2009 19:13:21 +0100

Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:

> > What about the SSLCipherSuite parameter? What do you have? 
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:
> +MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> (which is, I believe, the default value)

You have exactly the same value I have. I believe I got it from Apache
1.3 installations. Apache 2.2 documentation says that the default is now
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'

ie: what we have, with EXPORT56 removed and eNULL not at the end. eNULL
is no encoding. Does that mean the default setup allows cleartext SSL
sessions???

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

Follow-Ups:
- Re: Apache gets SIGSEGV in ssl3_finish_mac()
  - From: matthew sporleder

References:
- Re: Apache gets SIGSEGV in ssl3_finish_mac()
  - From: Manuel Bouyer

Prev by Date: Re: Apache gets SIGSEGV in ssl3_finish_mac()
Next by Date: Re: Apache gets SIGSEGV in ssl3_finish_mac()
Previous by Thread: Re: Apache gets SIGSEGV in ssl3_finish_mac()
Next by Thread: Re: Apache gets SIGSEGV in ssl3_finish_mac()
Indexes:

Home | Main Index | Thread Index | Old Index