The Apache documentation of SSLCipherSuite seems a little vague and the examples I found on the web make it much worse. I see a lot of references to "all", long lists of specific ciphers and lots of "!<fill in the blank>" references. For a simple web server (no vhosts or specific directory specifications, very specific use and limited administrator access) if I use just
SSLCipherSuite HIGH
am I going to get only the cipher suites listed by
openssl ciphers HIGH
or am I going to get other unintended additions that I need to specifically exclude? (I'm hoping to be able to apply the KISS principle if possible.) When excluding "all" and "medium", am I understanding the !<fill in the blank> specifications correctly as mainly to prevent the server specification from being overridden by other configuration?
Thanks for any help.
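
One way to check what a cipher string such as HIGH expands to on a given OpenSSL build, added here as an example and not part of the original post: filter the output of openssl ciphers -v for suites with no authentication, no encryption, or a key shorter than 128 bits. The function names and the sample lines are constructed for illustration; the sample is not the expansion of any particular cipher string.

```shell
#!/bin/sh
# audit_ciphers: read `openssl ciphers -v` output on stdin and print
# "<reasons> <suite>" for every suite that a server normally should not offer.
audit_ciphers() {
    awk '
    {
        reason = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "Au=None")  reason = reason "no-auth,"
            if ($i == "Enc=None") reason = reason "no-encryption,"
            # Enc=NAME(bits): flag symmetric keys shorter than 128 bits
            if ($i ~ /^Enc=/ && match($i, /\([0-9]+\)/)) {
                bits = substr($i, RSTART + 1, RLENGTH - 2) + 0
                if (bits < 128) reason = reason "weak-key,"
            }
        }
        if (reason != "") {
            sub(/,$/, "", reason)
            print reason, $1
        }
    }'
}

# Constructed sample lines in the `openssl ciphers -v` column format.
sample_output() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
EOF
}

# Demonstration on the constructed sample.
sample_output | audit_ciphers

# On a real host, audit the string you intend to give SSLCipherSuite:
#   openssl ciphers -v 'HIGH' | audit_ciphers
# Any line printed names a suite to exclude explicitly in the cipher string.
```

Run it with the same OpenSSL that Apache's mod_ssl is linked against, since the expansion of a keyword like HIGH depends on the OpenSSL version.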