httpd-dev mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: [PATCH] new default SSLCipherSuite and SSL BrowserMatch configuration
Date Fri, 06 Nov 2009 21:31:55 GMT

On 06.11.2009 22:04, Lars Eilebrecht wrote:
> Hi,
> 
> I would like to propose the attached patch for inclusion in 2.2
> (I'll commit to trunk soon unless I'm getting any -1s in response to
> this email).

Using the openssl ciphers command the new cipher string resolves to

ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL

DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
AES256-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
AES128-SHA
EDH-RSA-DES-CBC3-SHA
EXP-EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC3-SHA
EXP-EDH-DSS-DES-CBC-SHA
DES-CBC3-SHA
EXP-DES-CBC-SHA
IDEA-CBC-SHA
RC4-SHA

The old one additionally contains:

ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

RC4-MD5
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
DES-CBC3-MD5
IDEA-CBC-MD5
RC2-CBC-MD5
RC4-MD5
DES-CBC-MD5
EXP-RC2-CBC-MD5
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EXP-RC4-MD5

Because of the EXP- ciphers still contained in the new one, we might add
!EXPORT:

ALL:!ADH:!EXPORT:!LOW:!MD5:!SSLV2:!NULL

Regards,

Rainer
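
The check done by eye in the message above, as an added example that is not part of the original message or of httpd: it reads a resolved cipher list and reports every entry whose name puts it in a class the thread wants excluded. The helper names `audit_ciphers` and `count_flagged` are hypothetical, and classification is by OpenSSL cipher naming convention only, which is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: audit a resolved cipher list by cipher name.

# Sample input: the list the message gives for the new cipher string
# ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL, embedded so the script runs offline.
NEW_LIST='DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
AES256-SHA
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
AES128-SHA
EDH-RSA-DES-CBC3-SHA
EXP-EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC3-SHA
EXP-EDH-DSS-DES-CBC-SHA
DES-CBC3-SHA
EXP-DES-CBC-SHA
IDEA-CBC-SHA
RC4-SHA'

# audit_ciphers (hypothetical helper): reads cipher names on stdin, separated
# by newlines or colons, and prints "<class> <cipher>" for each name that
# falls in an excluded class. Matching is by name only (assumption):
# EXP- prefix = export grade, ADH- prefix = anonymous DH,
# NULL in the name = no encryption, -MD5 suffix = MD5 MAC.
audit_ciphers() {
    tr ':' '\n' | awk '
        /^EXP-/ { print "EXPORT", $0; next }
        /^ADH-/ { print "ADH", $0; next }
        /NULL/  { print "NULL", $0; next }
        /-MD5$/ { print "MD5", $0; next }
    '
}

# count_flagged (hypothetical helper): number of flagged ciphers on stdin.
count_flagged() {
    audit_ciphers | wc -l | tr -d ' '
}

# Stand-alone run over the embedded sample. To audit a live string instead:
#   openssl ciphers 'ALL:!ADH:!EXPORT:!LOW:!MD5:!SSLV2:!NULL' | audit_ciphers
printf '%s\n' "$NEW_LIST" | audit_ciphers
```

An empty report from `audit_ciphers` means no name in the resolved list matched one of the four classes; it does not cover the `LOW` class, which cannot be told from the name prefix or suffix alone.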

