httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: svn commit: r966055 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
Date Wed, 21 Jul 2010 13:29:24 GMT
On 21.07.2010 14:54, "Plüm, Rüdiger, VF-Group" wrote:
>
>
>> -----Original Message-----
>> From: Rainer Jung
>> Sent: Mittwoch, 21. Juli 2010 14:46
>> To: dev@httpd.apache.org
>> Subject: Re: svn commit: r966055 -
>> /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
>>
>> On 21.07.2010 12:59, Igor Galić wrote:
>>>
>>>
>>> +SSLCipherSuite
>> RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
>>> Reminds me a bit of:
>> http://journal.paul.querna.org/articles/2010/07/10/overclockin
>> g-mod_ssl/
>>>
>>> Can't we simplify that to:
>>>
>>> SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5
>>>
>>> Since it's basically the same:
>>>
>>> i.galic@panic ~/Projects/asf/httpd (svn)-[trunk:966169] %
>> openssl ciphers 'RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5'|md5sum -
>>> c1977a5b8a9cea42329be929398c6941  -
>>> i.galic@panic ~/Projects/asf/httpd (svn)-[trunk:966169] %
>> openssl ciphers
>> 'RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL' | md5sum -
>>> c1977a5b8a9cea42329be929398c6941  -
>>>
>>> OpenSSL experts might want to disagree with me at this point.
>>
>> Not an openssl expert, but: depending on the build options
>> and openssl
>> version, e.g. IDEA-CBC-SHA is part of the longer cipher
>> suite, but not
>> part of yours (checked for 0.9.8o).
>
> Given that, lets stay with the old setting.

Rüdiger: could you please clarify: old means the one I committed earlier 
today (r966055), or the one that was in place before my change?

Regards,

Rainer

Mime
View raw message