lowering apache ssl encryption to 40bit

lowering apache ssl encryption to 40bit

am 09.11.2007 18:32:10 von Wes.Reneau

This is a multi-part message in MIME format.

------_=_NextPart_001_01C822F6.75EA1B09
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

I have a legacy app that cannot (at present) be upgraded to 128 bit
encryption. In order to alleviate this problem I've gotten a reverse
proxy running. My present setup is as follows:

=20

Ubuntu 6.0.6 LTS

Apache 2.0.55

Libapache2-mod-proxy-html 2.4.3-2

Openssl 0.9.8a

=20

My problem is that I can use most any website to have apache reverse
proxy for me successfully. Is it possible to step down on the
encryption on the "backside" of the apache connection to the legacy
server?

=20

At present I have the following in my vhost file:

=20

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

=20

This, as I understand it, allows apache on the front end to allow lower
level of encryption, however, as stated earlier I need the request FROM
apache to the legacy server to be 40 bit.

=20

Thanks

=20

W Reneau


------_=_NextPart_001_01C822F6.75EA1B09
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">

namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>









style=3D'font-size:10.0pt;
font-family:Arial'>I have a legacy app that cannot (at present) be =
upgraded to
128 bit encryption.  In order to alleviate this problem I’ve =
gotten
a reverse proxy running.  My present setup is as =
follows:



style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>Ubuntu 6.0.6 LTS



style=3D'font-size:10.0pt;
font-family:Arial'>Apache 2.0.55



style=3D'font-size:10.0pt;
font-family:Arial'>Libapache2-mod-proxy-html =
2.4.3-2



style=3D'font-size:10.0pt;
font-family:Arial'>Openssl 0.9.8a



style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>My problem is that I can use most any website to have =
apache
reverse proxy for me successfully.  Is it possible to step down on =
the encryption
on the “backside” of the apache connection to the legacy =
server?



style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>At present I have the following in my vhost =
file:



style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>SSLCipherSuite
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<=
/font>



style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>This, as I understand it, allows apache on the front =
end to
allow lower level of encryption, however, as stated earlier I need the =
request
FROM apache to the legacy server to be 40 =
bit.



style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>Thanks



style=3D'font-size:10.0pt;
font-family:Arial'> 



face=3DArial> style=3D'font-size:10.0pt;font-family:Arial'>W =
Reneau size=3D2 face=3DArial> style=3D'font-size:10.0pt;font-family:Arial'> >







------_=_NextPart_001_01C822F6.75EA1B09--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org