httpd-dev mailing list archives

From Jeff Trawick <>
Subject Re: SSL/TLS best current practice
Date Sat, 23 May 2015 11:50:53 GMT

On 05/06/2015 07:22 PM, William A Rowe Jr wrote:
> Here is my proposed global config for 
> <> for 2.4 and 2.2, which I believe mirrors the 
> 'MUST' of RFC 7525.

So new default configs are improved, and that's great.

Any joint interest in maintaining a "guide to implementing SSL/TLS best 
practices" in the documentation for those that don't normally see our 
latest/greatest default configuration and/or need some extra prose 
around it?

A start would be:

* list source material for best practices
* describe how known tradeoffs (such as blocking old clients) are 
accommodated in the specific configuration recommendations
* the actual configuration related to best SSL/TLS practices from our 
current default SSL configs
* hints on how to configure these in our past releases as well as with 
distributions that have their own idea of file layout/own defaults
