[Ach] Apache2 SSL Ciphers in Perdition IMAPS Proxy

Sebastian sebix at sebix.at
Mon Jul 20 16:21:01 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

On 07/20/2015 03:48 PM, Mailingliste1 wrote:
> At the Apache Settings (page 11, Webservers, 2.1.1)  SSLv3 is enabled - why? its not secure imho.
No, it's not. The protocol is disabled: "SSLProtocol All -SSLv2 -SSLv3"
These ciphers are enabled by the SSLv3 string in the cipher suite:
https://www.openssl.org/docs/apps/ciphers.html#SSL-v3.0-cipher-suites
It's not the protocol, it's a list of ciphers.
See also:
https://security.stackexchange.com/questions/70832/why-doesnt-the-tls-protocol-work-without-the-sslv3-ciphersuites
> I cant find any ciphers from the PDF File in my  openssl ciphers list (for example EDH+CAMELLIA). 
Is there a translation sheet or how can I realize that?
There are several ciphers with CAMELLIA available on your system:
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
CAMELLIA256-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
CAMELLIA128-SHA

To find out the full and expanded names of all ciphers enabled by a
specific cipher suite, you can use:
openssl ciphers -v 'ciphersuite'

Sebastian

- -- 
python programming - mail server - photo - video - https://sebix.at
To verify my cryptographic signature or send me encrypted mails, get my
key at https://sebix.at/DC9B463B.asc and on public keyservers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJVrQPMAAoJEBn0X+vcm0Y7dIEP/RO4DfCwuSLcIPZejpY3roPN
5vP4+b9ST5N+D7ZuGBxRcNHp598dIrS19cV5I5wyf/gQKoC4/m+1N6bZYQEcBfE6
oxuM7eCMtPq2k9UObtyy3USQRfgbqvQMltQh4557YnHnRud7JWUIrqvPxMUU6hia
Q/9qIhjKUV71ZFAeDutUU5Wcg70oGmjOujpwNi7A18U/fDnTA1HgPp/K/OBoJuTG
8IQo3I8G8p29YyYu03j/jvkUyOgvf6F66ol4zgErKbeIyyFYg69eb/Thk6MlhjfA
FSufbwEJYvpgUzsCXkpzTuPDwj8/jm/yC1qdokKLhLpCFYNjaR58R2xWuhoaDiO8
qnWto5lwfpFNq840IwVArAbQRqbzJZZbzG/bXptEC4UnAN8N3Su0gkllQU4dI7JT
X3f6+F+1JfPKuMwD6ZvshffCgWQ8pVf3lkREHr+ilZlTQIhmzghV6loeCkTXFY8N
WvekaRRSHWmW2GDF9hhJGxT9JKH1TYIjNdq6FP4/kyIqRhHD8STdr47ae2BE5OvI
MBmEqm2OSA3dCFaD2x8l7VQuiqEZtpXJ/i/5hZJHn+qlNxT0dSNE//be8i4pHyl3
owk5HK8DG69gT5mv4Tzg4LhY/FDoccQQli63nm9KMhpFpCead2v7u9YPjh6S2vSJ
EvkX6SZiy+SngMRruYTm
=Z/Kq
-----END PGP SIGNATURE-----

More information about the Ach mailing list