7020725: SSLProxyCipherSuite directive not written to Host based advanced options with domain based services

A NAM administrator trying to add the following lines to the Access Gateway (AG) Advanced Options of a specific reverse Proxy (RP). They way the AC is parsing the third line is causing a configuration error when we restart apache.

SSLProtocol All -SSLv2

SSLHonorCipherOrder On

SSLProxyCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:MEDIUM:!LOW:!EXP:!SSLv2:!aNULL:!EDH:!AESGCM:!eNULL:!NULL

All lines are applied to the vhost file of this RP but the very last one – which is completely missing

// hosts.d/test-application.conf snippet of end of file

# Advanced Options

CacheIgnoreHeaders Authorization

SetEnvIf User-Agent “.*Mozilla.*”

downgrade-1.0 force-response-1.0 no-gzip

SSLProtocol All -SSLv2

SSLHonorCipherOrder On

</VirtualHost>

This only seems to happen with domain based proxy – if I add the same settings to the path based proxy advanced option, it is written correctly.

// path based vhost file snippet

# Advanced Options

SSLProtocol All -SSLv2

SSLHonorCipherOrder On

SSLProxyCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:MEDIUM:!LOW:!EXP:!SSLv2:!aNULL:!EDH:!AESGCM:!eNULL:!NULL

Related:

Leave a Reply