httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: svn commit: r966055 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
Date Wed, 21 Jul 2010 12:54:51 GMT
 

> -----Original Message-----
> From: Rainer Jung 
> Sent: Mittwoch, 21. Juli 2010 14:46
> To: dev@httpd.apache.org
> Subject: Re: svn commit: r966055 - 
> /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
> 
> On 21.07.2010 12:59, Igor Galić wrote:
> >
> >
> > +SSLCipherSuite 
> RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
> > Reminds me a bit of: 
> http://journal.paul.querna.org/articles/2010/07/10/overclockin
> g-mod_ssl/
> >
> > Can't we simplify that to:
> >
> > SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5
> >
> > Since it's basically the same:
> >
> > i.galic@panic ~/Projects/asf/httpd (svn)-[trunk:966169] % 
> openssl ciphers 'RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5'|md5sum -
> > c1977a5b8a9cea42329be929398c6941  -
> > i.galic@panic ~/Projects/asf/httpd (svn)-[trunk:966169] % 
> openssl ciphers 
> 'RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL' | md5sum -
> > c1977a5b8a9cea42329be929398c6941  -
> >
> > OpenSSL experts might want to disagree with me at this point.
> 
> Not an openssl expert, but: depending on the build options 
> and openssl 
> version, e.g. IDEA-CBC-SHA is part of the longer cipher 
> suite, but not 
> part of yours (checked for 0.9.8o).

Given that, lets stay with the old setting.

Regards

Rüdiger


Mime
View raw message