(In reply to David Favor from comment #6)
> The problem seems to be an interaction between the Cipher List + SSLProtocol.
>
> Depending on setting of Cipher List SSLProtocol seems to work or be ignored.
>
> These settings disable TLSv1.0
>
> # support old Android phones
> SSLProtocol All -SSLv2 -SSLv3 -TLSv1
>
> # Force using custom cipher list
> SSLHonorCipherOrder on
>
> Define sslCiphers
> -ALL:!ADH:!aNULL:!EXP:!EXPORT40:!EXPORT56:!3DES:!eNULL:!NULL:!RC4:!DES:!MD5:!
> LOW
> Define sslCiphers
> ${sslCiphers}:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-
> AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-
> SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
> SSLCipherSuite ${sslCiphers}
>
> Other sslCiphers settings cause SSLProtocol to be ignored.
>
Can you share a specific pair with unexpected results?
(In reply to David Favor from comment #6) !aNULL: !EXP:!EXPORT40: !EXPORT56: !3DES:! eNULL:! NULL:!RC4: !DES:!MD5: ! :ECDHE- RSA-AES256- GCM-SHA384: ECDHE-RSA- AES256- SHA384: ECDHE-RSA- SHA:DHE- RSA-AES256- GCM-SHA384: DHE-RSA- AES256- SHA256: DHE-RSA- AES256- GCM-SHA384: AES256- SHA256: AES256- SHA
> The problem seems to be an interaction between the Cipher List + SSLProtocol.
>
> Depending on setting of Cipher List SSLProtocol seems to work or be ignored.
>
> These settings disable TLSv1.0
>
> # support old Android phones
> SSLProtocol All -SSLv2 -SSLv3 -TLSv1
>
> # Force using custom cipher list
> SSLHonorCipherOrder on
>
> Define sslCiphers
> -ALL:!ADH:
> LOW
> Define sslCiphers
> ${sslCiphers}
> AES256-
> SHA:AES256-
> SSLCipherSuite ${sslCiphers}
>
> Other sslCiphers settings cause SSLProtocol to be ignored.
>
Can you share a specific pair with unexpected results?