Return-Path: X-Original-To: apmail-httpd-users-de-archive@www.apache.org Delivered-To: apmail-httpd-users-de-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B476E7DCB for ; Thu, 6 Oct 2011 23:58:51 +0000 (UTC) Received: (qmail 90532 invoked by uid 500); 6 Oct 2011 23:58:51 -0000 Delivered-To: apmail-httpd-users-de-archive@httpd.apache.org Received: (qmail 90506 invoked by uid 500); 6 Oct 2011 23:58:51 -0000 Mailing-List: contact users-de-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: users-de@httpd.apache.org List-Id: Delivered-To: mailing list users-de@httpd.apache.org Received: (qmail 90498 invoked by uid 99); 6 Oct 2011 23:58:51 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Oct 2011 23:58:51 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of h.reindl@thelounge.net designates 91.118.73.15 as permitted sender) Received: from [91.118.73.15] (HELO mail.thelounge.net) (91.118.73.15) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Oct 2011 23:58:43 +0000 Received: from srv-rhsoft.rhsoft.net (openvpn-241.thelounge.net [10.0.0.241]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.thelounge.net (Postfix) with ESMTPSA id 70439CC for ; Fri, 7 Oct 2011 01:58:23 +0200 (CEST) Message-ID: <4E8E409E.3080003@thelounge.net> Date: Fri, 07 Oct 2011 01:58:22 +0200 From: Reindl Harald Organization: the lounge interactive design User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110930 Thunderbird/7.0.1 MIME-Version: 1.0 To: users-de@httpd.apache.org Subject: Re: Apache 2, TLS-Debakel References: <20110929143148.GE28705@Papa.local> <4E84829B.3070107@thelounge.net> <4E8E3B69.50407@wb-online.de> In-Reply-To: <4E8E3B69.50407@wb-online.de> X-Enigmail-Version: 1.3.2 OpenPGP: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig84052E707A1A849295A01AAC" X-Virus-Checked: Checked by ClamAV on apache.org --------------enig84052E707A1A849295A01AAC Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 07.10.2011 01:36, schrieb Martin Ebert: > Liebe Liste, Harald, >=20 >> Das folgende sollte sowieso seblstverst=C3=A4ndlich sein: >> SSLProtocol All -SSLv2 >=20 > Hier stellt sich die Frage der "Nachhaltigkeit": > Meine (eher kleinen) Server werkeln fr=C3=B6hlich vor sich hin. > Und das sollen sie auch in 10 Jahren noch tun. Werden sie ganz ohne Pflege aber nicht :-) > Verhindert die von Dir vorgeschlagene Option neuere SSL-Versionen, > die wir heute noch gar nicht kennen? Wieso? Was ist an "Alles ausser SSL V2" eine Ausschlussgrund f=C3=BCr NEUERES? > Das w=C3=A4re ja ein sehr unsch=C3=B6ner Gedanke: Irgendwer hat so etwa= 2014 > die v2 aufgebohrt. Und ich habe Deinen v2-Vorschlag ganz fest in die > conf getackert H=C3=A4? SSL2 ist nicht erst 2014 unsicher sondern schon jetzt Deswegen geh=C3=B6rt es ja auch ausgeschalten --------------enig84052E707A1A849295A01AAC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6OQJ8ACgkQhmBjz394AnlONQCgkLSOth3EbJiWukmu8R8z0/2X eHMAn2iif5xJiAs15rEgYpL/pEvGa1P4 =OJtk -----END PGP SIGNATURE----- --------------enig84052E707A1A849295A01AAC--