Comment 16 for bug 1665151

Revision history for this message
In , David Favor (davidfavor) wrote :

Per my other comment above, it appears SSLProtocol is strongly effected by SSLCipherSuite list.

This means SSLProtocol may or may not have any effect, based on SSLCipherSuite list.

Likely this is a complex fix, which might be accomplished by...

1) process SSLCipherSuite

2) then removed any SSLCipherSuite ciphers based on SSLProtocol setting

Simple to describe. Complex to implement.

Another solution might be to just deprecate the SSLProtocol setting.

This would mean SSLCipherSuite determines protocol selection, which appears to be what's actually occurring.

This would involve, removing all code related to SSLProtocol processing + updating documentation for SSLCipherSuite saying, protocols set derive from SSLCipherSuite list provided.