allowing and banning cipher-suites apache2.2

There is a list of banned and recommended cipher-suites that I need to add to the ssl.conf file, and I'm facing some problems when trying to configure it:

I need to ban all ECDH* and allow 15 cipher-suites starting with ECDHE*, such as ECDHE-RSA-AES128-SHA256.

How to configure it to work?

apache-httpd configuration ssl

asked 10 hours ago by Bar (edited 9 hours ago)

  • What was done until now?
    – Rui F Ribeiro, 9 hours ago

  • What do you mean? Until now I didn't need to ban ECDH as written in the question...
    – Bar, 9 hours ago

  • Downvoted for 0 research work.
    – Rui F Ribeiro, 9 hours ago

  • I saw that each ECDHE* from the list should be written. However, I wanted to see if there's another solution because the list is long.
    – Bar, 9 hours ago

1 Answer

So it seems that you know the syntax of the config file but just don't want to fiddle around with the huge list of ciphers: a text editing problem.

The list of ECDHE* ciphers is given by the shell command

    openssl ciphers | tr ":" "\n" | grep ^ECDHE | tr "\n" ":" | sed 's/:$//'

You didn't say what you wanted to do with ciphers whose names don't start with ECDH*, but by changing the argument to grep in the above you can get any sort of cipher list you want and concatenate them in your text editor as needed. So to get a list of AES ciphers but not the AES128* ones you'd say ^AES[^1].

That said, there might still be some manual fiddling to do as the order of the ciphers in the list can be important. You can, and probably should, specify that the server shall try the ciphers in the order that they are in the enabling list.

answered 8 hours ago by Nadreck
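
The pipeline from the answer above, extended into a small filter that produces both halves of what the question asks for. This is an added example, not part of the original answer: it keeps the ECDHE-* names, turns the static ECDH-* names into `!` exclusions (OpenSSL's syntax for permanently removing a cipher from the list), and prints the two ssl.conf lines. The function names and the sample cipher list are constructed for illustration, and the input list is assumed to be already in the order the server should prefer.

```shell
#!/bin/sh
# Added example: build an Apache SSLCipherSuite value from a colon-separated
# OpenSSL cipher list, allowing ECDHE-* suites and banning static ECDH-* ones.

# Constructed sample standing in for the output of `openssl ciphers`.
SAMPLE_CIPHERS='ECDHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-GCM-SHA256'

# split_ciphers LIST: print one cipher name per line, dropping empty fields.
split_ciphers() {
    printf '%s\n' "$1" | tr ':' '\n' | sed '/^$/d'
}

# join_colon: join the lines on stdin with ':' (no trailing colon).
join_colon() {
    paste -sd: -
}

# allowed_suites LIST: ECDHE-* names only, input order preserved.
# The trailing '-' in the pattern matters: '^ECDH' alone would match both
# the ephemeral (ECDHE-) and the static (ECDH-) families.
allowed_suites() {
    split_ciphers "$1" | grep '^ECDHE-' | join_colon
}

# banned_suites LIST: static ECDH-* names, each prefixed with '!'.
banned_suites() {
    split_ciphers "$1" | grep '^ECDH-' | sed 's/^/!/' | join_colon
}

# cipher_directives LIST: print the two ssl.conf lines.
# Fails rather than emitting an SSLCipherSuite line with nothing allowed.
cipher_directives() {
    allow=$(allowed_suites "$1")
    ban=$(banned_suites "$1")
    [ -n "$allow" ] || { echo 'no ECDHE-* suites in input' >&2; return 1; }
    printf 'SSLHonorCipherOrder on\n'
    printf 'SSLCipherSuite %s%s\n' "$allow" "${ban:+:$ban}"
}

# On a real host, replace the sample with: cipher_directives "$(openssl ciphers)"
cipher_directives "$SAMPLE_CIPHERS"
```

To see what the resulting string expands to on the server's own OpenSSL build, pass the value after `SSLCipherSuite` to `openssl ciphers -v`.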
