1

I'm trying to figure out the minimum key/cipher bit length that my Apache mod_ssl configuration will accept for client connections.

I ran openssl ciphers -v and saw ciphers of all lengths (40, 56, etc.).

How can I find out or configure the minimum length key that Apache will accept?

In other words, if a client requests a connection with a cipher of bit length 40, how can I specify that the connection should be refused since it's < 64?

Kevin Meredith
  • 1,269
  • 2
  • 15
  • 21

1 Answers1

2
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

This directive is treated as an access requirement and any connection that fails to meet this requirement will receive a 403 response.

Danila Ladner
  • 5,331
  • 22
  • 31
  • Thank you, @Danila Ladner. For my own reference, I saw this link too: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2009867. – Kevin Meredith May 10 '13 at 15:22
  • It might be worthwhile to point out that this `directive` needs to be applied to a `` or `.htaccess` – Kevin Meredith May 10 '13 at 18:39