I see multiple choices in the HTTPAdmin interface as well as the ability to customize. Have you tested the entries you would like to have based on Apache documentation?

Ciphers available during negotiation: allows you to specify a cipher specification used for the SSL connection. Each occurrence of this directive will add the associated cipher spec to that context's existing cipher suite list. The cipher spec is used on the SSL handshake, which then uses the cipher suite list to negotiate the cipher used for communications between the server and the client. The table allows you to add, remove, and organize the cipher entries. There is a default set of ciphers that are used system wide. These values can be used to override the default set of ciphers, or the preferred cipher order. Directive: SSLCipherSpec

I made some test changes and clicked preview to see the following lines added (the + is the add and not part of the configuration):
+ SSLCipherSpec TLS_RSA_WITH_RC4_128_MD5
+ SSLCipherSpec TLS_RSA_WITH_3DES_EDE_CBC_SHA
--
Sean Porterfield
________________________________________
From: Blake Butterworth
Sent: Monday, September 09, 2013 15:12

If I understand the IBM documentation correctly, it seems
like IBM's version of Apache allows one to specify ALL for the SSL version
or a particular version . By contrast, the Linux version allows more
combinations, like a certain version and all subsequent ones, e.g., TLS
1.0 +. We are using IBM i Apache 7.1, and ALL does not seem like a good
option since it would include the potential use of SSL 2.0 which is
apparently insecure. If all this is correct, then it seems we need to
standardize on a particular SSL version. Currently we use TLS 1.0 w/SSL
3.0 compatibility. Would anyone be willing to volunteer what they see as
the best IBM i Apache SSL configuration in terms of version and cipher
suites without compromising compatibility? Ideally, we would like to use
the newest versions of TLS and cipher suites practical without eliminating
browser backwards compatibility. To some extent this is a subjective
question, but I would think that any browser limited to insecure SSL
versions and/or cipher suites should be eliminated from consideration,
especially since we accept credit card payments on our website. Any advice
would be welcome.

Thanks,
Blake
--

This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.