httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Improving SSL config
Date Fri, 18 Nov 2011 17:47:22 GMT
On 18.11.2011 18:20, Kaspar Brand wrote:
> On 18.11.2011 13:09, Rainer Jung wrote:
>> You might want to drop the -SSLv2 from our SSLCipherSuite in
>> docs/conf/extra/httpd-ssl.conf.in then as well.
>
> You're right, yes. As there were no objections to the changes I proposed
> on the list a few days ago, I now committed them with r1203752/r1203753.
>
> If you generally agree with these modifications, I could also prepare
> and propose a backport for 2.2.x (there's currently an earlier one from
> you in 2.2.x's STATUS). Just let me know.

Fine with me. Current SSLCipherSuite for 2.2 definitely needs 
improvement and latest 2.4 should be the way to go.

Except: Since SSLv2 is still available for 2.2, the -SSLv2 is needed in 
the cipher list.

Please feel free to go ahead an remove my proposal.

Regards,

Rainer


Mime
View raw message