Apache Friends Support Forum


https://community.apachefriends.org/f/

how to use deprecated SSL/TSL ciphers

https://community.apachefriends.org/f/viewtopic.php?f=16&t=78053

Page 1 of 1

how to use deprecated SSL/TSL ciphers

PostPosted: 05. April 2019 13:22
by Vedita BR
Hello, i'm trying to setup a https server for a 2000's video game but it seems XAMPP is rejecting the console's ciphers and the server sends handshake failed (40) after client has sent SSL v2 hello.

here are the ciphers that the client use.
Image

I am on OpenSSL 1.1.1b 26 Feb 2019
XAMPP CP v3.2.3 03/07/2019

What should I do?

thanks :wink:

PS: I also tried SSLCipherSuite ALL and SSLProtocol ALL but no luck!

Re: how to use deprecated SSL/TSL ciphers

PostPosted: 06. April 2019 21:17
by gsmith
Sometimes we just have to let what we love go free.

If that client can do http instead of httpS, that is the way to go. All https is going to do for you is let the evil-doers have your private key and nothing will be secure with the connection. That stated, Apache 2.4.12 with OpenSSL 1.0.2 should be able to work.

OpenSSL 1.0.2 has TLS_RSA_WITH_RC4_128_SHA (TLS/1.0 RC4-SHA) which is #5 in your list. 2.4.12 was the last released version of Apache that would speak to RC4 ciphers. Stay away from all those old CBC ciphers!

What Xampp version that equals I don't know, you will have to research that.
All times are UTC + 1 hour
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/