httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Improving SSL config
Date Fri, 18 Nov 2011 12:09:01 GMT
On 18.11.2011 06:32, Kaspar Brand wrote:
> As I can't think of any good reason why a new major version of an HTTPS
> server released in late 2011 should still support insecure SSL protocol
> cruft from the 1990s (v2 was superseded about 15 years ago, when SSLv3
> was introduced), I went for the first option and completely dropped
> SSLv2 support with r1203491/r1203495 in trunk and 2.4, respectively.
>
> For the SSLProtocol directive, specifying "-SSLv2" is still permitted,
> but basically just for backward compatibility with the relatively
> popular "SSLProtocol all -SSLv2" incantation (technically, the code
> simply ignores "-SSLv2", as it is now always forced to off).

You might want to drop the -SSLv2 from our SSLCipherSuite in 
docs/conf/extra/httpd-ssl.conf.in then as well.

Rainer


Mime
View raw message