diff options
author | William A. Rowe Jr <wrowe@apache.org> | 2015-05-27 18:59:59 +0000 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2015-05-27 18:59:59 +0000 |
commit | aab0eba576d64096e53387ca8366bf37982dbf6c (patch) | |
tree | 4534764b71e49d73e30c7ba51b53c72c3546f3b3 /docs/conf | |
parent | 2e4745c7a6694a7a00f79042e393f31bcf7766bd (diff) | |
download | httpd-aab0eba576d64096e53387ca8366bf37982dbf6c.tar.gz |
Clarify the change to the default cipher suite lists
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1682099 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/conf')
-rw-r--r-- | docs/conf/extra/httpd-ssl.conf.in | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in index 5bdec366e9..ab0f39b509 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -47,6 +47,8 @@ Listen @@SSLPort@@ # and that httpd will negotiate as the client of a proxied server. # See the OpenSSL documentation for a complete list of ciphers, and # ensure these follow appropriate best practices for this deployment. +# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, +# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 |