When choosing a cipher during a handshake, normally the client's preference is used. If this directive is enabled, then the server's preference will be used instead.
Category | Value |
---|---|
Syntax | |
Example | SSLHonorCipherOrder ON |
Default | |
The server's preference order can be configured using the SSLCipherSuite directive. When SSLHonorCipherOrder is set to ON, the value of SSLCipherSuite is treated as an ordered list of cipher values.
Cipher values that appear first in this list are preferred by the server over ciphers that appear later in the list.
Example:
```
SSLCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
SSLHonorCipherOrder ON
```
In this case, the server prefers TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 over all of the other ciphers configured in the SSLCipherSuite directive because it appears first in the list, and it chooses this cipher for the SSL connection if the client supports it.
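The selection rule described above, modelled in Python as an added example (not code from the original page or from the server): it reads the two directives and picks the cipher for a constructed client offer that lists a CBC suite ahead of a GCM suite. The function names, the client offer, and treating an absent SSLHonorCipherOrder as not enabled are assumptions of this sketch.

```python
# Constructed sample configuration, reusing the directive values from the example above.
SAMPLE_CONF = """\
SSLCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
SSLHonorCipherOrder ON
"""

# Constructed client offer: the client prefers a CBC suite over a GCM suite.
CLIENT_OFFER = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
]

def parse_conf(text):
    """Return (ordered cipher list, honor_order flag) from directive lines."""
    ciphers, honor = [], False  # assumption: an absent directive means not enabled
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts:
            continue  # skip blank lines
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if name == "sslciphersuite":
            ciphers = [c.strip() for c in value.split(",") if c.strip()]
        elif name == "sslhonorcipherorder":
            honor = value.lower() == "on"
    return ciphers, honor

def negotiate(client_offer, server_ciphers, honor_server_order):
    """Pick the first mutually supported cipher in the deciding side's order."""
    if honor_server_order:
        order, other = server_ciphers, set(client_offer)
    else:
        order, other = client_offer, set(server_ciphers)
    for cipher in order:
        if cipher in other:
            return cipher
    return None  # no shared cipher: the handshake cannot complete

def select_from_conf(conf_text, client_offer):
    """Apply the configured directives to one client offer."""
    ciphers, honor = parse_conf(conf_text)
    return negotiate(client_offer, ciphers, honor)

if __name__ == "__main__":
    no_honor = SAMPLE_CONF.replace("SSLHonorCipherOrder ON", "")
    print("server order:", select_from_conf(SAMPLE_CONF, CLIENT_OFFER))
    print("client order:", select_from_conf(no_honor, CLIENT_OFFER))
```

With the directive enabled, the GCM suite wins even though the client listed CBC first; with the directive line removed, the client's CBC choice is selected.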