Specifying a minimum key length for SSL/TLS in Apache HTTP Server, ERS Server, and vFabric Web Server

Article ID: 344034

Products

VMware Support Only for Apache HTTP

Issue/Introduction

Security standards may require that encrypted connections use a particular cipher key size with SSL/TLS in Apache HTTP Server, ERS Server, and vFabric Web Server.
This article provides information on how to use SSL directives to specify a minimum key length for SSL/TLS.


Environment

Apache HTTP Server 2.0
VMware vFabric Enterprise Ready Server 4
VMware vFabric Web Server 5.0
Apache HTTP Server 2.2

Resolution

To specify the ciphers used by SSL/TLS, you can use the SSLCipherSuite Directive.
However, if you require a specific key length, you may want to specify this restriction directly. You can accomplish this using the SSLRequire Directive. For example, to specify that the key length must be at least 128 bits, add this to the configuration for the SSL virtual host:

SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

This directive is treated as an access requirement and any connection that fails to meet this requirement will receive a 403 response.
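
The following virtual host configuration is an added example, not part of the original article, showing the key-length requirement next to a cipher suite restriction and a log format for checking the result. The server name, certificate paths, cipher string and log file name are placeholders chosen for illustration; mod_ssl accepts SSLRequire in directory-level context, so it is placed inside a Location block within the virtual host.

```apache
# Added example: all names, paths and the cipher string are placeholders.
<VirtualHost _default_:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    "/path/to/server.crt"
    SSLCertificateKeyFile "/path/to/server.key"

    # Handshake-time control: clients that share no cipher in this list
    # fail the TLS handshake and never reach the access check below.
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!LOW

    # Request-time control: evaluated as an access requirement for every
    # request under this location. SSL_CIPHER_USEKEYSIZE is the number of
    # cipher bits actually used on the connection; a request over a
    # connection below 128 bits is answered with 403.
    <Location />
        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    </Location>

    # Log protocol, cipher, key size in use and response status so that
    # rejected requests (status 403) can be matched to the cipher the
    # client negotiated.
    CustomLog "logs/ssl_request_log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x %>s \"%r\""
</VirtualHost>
```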