httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1135234 - in /httpd/httpd/trunk: CHANGES docs/conf/extra/httpd-ssl.conf.in
Date Mon, 13 Jun 2011 19:21:57 GMT
Author: sf
Date: Mon Jun 13 19:21:57 2011
New Revision: 1135234

URL: http://svn.apache.org/viewvc?rev=1135234&view=rev
Log:
Disable AECDH ciphers in example config by using !aNULL (which includes
all ciphers without authentication.

PR: 51363
Submitted by: Rob Stradling <rob comodo com>

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1135234&r1=1135233&r2=1135234&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Jun 13 19:21:57 2011
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.13
 
+  *) mod_ssl: Disable AECDH ciphers in example config. PR 51363.
+     [Rob Stradling <rob comodo com>]
+
   *) core: Introduce new function ap_get_conn_socket() to access the socket of
      a connection. [Stefan Fritsch]
 

Modified: httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in?rev=1135234&r1=1135233&r2=1135234&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in (original)
+++ httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in Mon Jun 13 19:21:57 2011
@@ -48,7 +48,7 @@ Listen @@SSLPort@@
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
 
 #   SSL Cipher Honor Order:
 #   On a busy HTTPS server you may want to enable this directive



Mime
View raw message