Apache2 ver. 2.4.55 ignores SSLCipherSuite

SYSTEM INFORMATION
OS type and version: Ubuntu 20.04.05
Webmin version: 2.013
Virtualmin version: 7.5
Related packages: [apache2 - 2.4.54-1+ubuntu20.04.1+deb.sury.org+1] (PPA for Apache 2.x)

Dear Community,

I ran into an issue with apache2 a few days ago. I'm using Ondrej Sury's packages, which contain a more recent version of apache2. The reason for this step was that the default apache2 version in Ubuntu 20.04 has a bugged “SSLCipherSuite” command: it works only if set in the apache2 config, but is ignored when put into a site configuration. In this situation, only one SSLCipherSuite setting can be applied to all hosted websites. I know that the default cipher order is perfectly fine, but there are still some environments where a specific cipher order is preferred (for example, accessing a roundcube or nextcloud instance).

As I was looking around, it seems that I'm not the only one experiencing this issue, but it is most probably a bug in this specific version, where the “SSLCipherSuite” command is entirely ignored (even in apache2.conf).

So my question: I'm not very experienced when it comes to package management and installing specific versions of any kind of software. How do I safely roll back to the previous version of Apache2, version 2.4.54? Or do you know any workaround for this issue? I'm open to any alternatives.

Thank you all in advance for your help.

Lukinno

My apologies - I have figured out what really happened.

During the update, all configured SSLCipherOrder commands were deleted, so I rebuilt them, and thought that was the only thing that was reset during the update. As it happens, I was wrong.

The “SSLHonorCipherOrder” command was also reverted to its default state, so SSLCipherOrder was indeed working, but the order was not enforced by the server.

Let this be a lesson to others who come into contact with these problems.

Have a great day!

Lukinno
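A check for the condition described in the post above (a scope that sets SSLCipherSuite while SSLHonorCipherOrder is not on), as an added example that is not part of the original thread. The function name, the sample configuration and the host names are constructed for illustration; it assumes a single file with no Include expansion and that a vhost without its own SSLHonorCipherOrder inherits the global value.

```python
import re

# Constructed sample (not from the thread): after an update the global scope and
# the first vhost have lost SSLHonorCipherOrder, the second vhost still has it.
SAMPLE_CONF = """\
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
<VirtualHost *:443>
    ServerName mail.example.test
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384
</VirtualHost>
<VirtualHost *:443>
    ServerName cloud.example.test
    # SSLHonorCipherOrder off
    SSLCipherSuite ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder On
</VirtualHost>
"""

def audit_cipher_order(conf_text):
    """List scopes that set SSLCipherSuite but do not enforce the server's order."""
    scopes = {"global": {}}  # scope name -> {directive: value}
    current, count = "global", 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if re.match(r"<VirtualHost\b", line, re.I):
            count += 1
            current = f"vhost#{count}"
            scopes[current] = {}
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            current = "global"
        else:
            parts = line.split(None, 1)
            name, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
            if name == "servername" and current != "global":
                scopes[value] = scopes.pop(current)  # label the vhost by its ServerName
                current = value
            elif name in ("sslciphersuite", "sslhonorcipherorder"):
                scopes[current][name] = value
    # mod_ssl's documented default for SSLHonorCipherOrder is "off".
    global_honor = scopes["global"].get("sslhonorcipherorder", "off")
    return [scope for scope, d in scopes.items()
            if "sslciphersuite" in d
            and d.get("sslhonorcipherorder", global_honor).lower() != "on"]

if __name__ == "__main__":
    for scope in audit_cipher_order(SAMPLE_CONF):
        print(f"{scope}: SSLCipherSuite set, but SSLHonorCipherOrder is not on")
```

Running a check like this against the SSL configuration before and after a package upgrade shows whether the upgrade dropped the directive.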
