[httpd] - update default SSLCipherSuite per upstream trunk

jorton jorton at fedoraproject.org
Sat Jan 8 08:41:50 UTC 2011


commit 0e9583d1593c12364e0a5bdf2b5cae0e1949e3c5
Author: Joe Orton <jorton at redhat.com>
Date:   Sat Jan 8 08:41:29 2011 +0000

    - update default SSLCipherSuite per upstream trunk

 httpd.spec |    5 ++++-
 ssl.conf   |   12 +++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)
---
diff --git a/httpd.spec b/httpd.spec
index 3eb1398..e1645ba 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -7,7 +7,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.2.17
-Release: 5%{?dist}
+Release: 6%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -486,6 +486,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/httpd/build/*.sh
 
 %changelog
+* Sat Jan  8 2011 Joe Orton <jorton at redhat.com> - 2.2.17-6
+- update default SSLCipherSuite per upstream trunk
+
 * Wed Jan  5 2011 Joe Orton <jorton at redhat.com> - 2.2.17-5
 - fix requires (#667397)
 
diff --git a/ssl.conf b/ssl.conf
index 07fe32b..384c354 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -94,9 +94,15 @@ SSLEngine on
 SSLProtocol all -SSLv2
 
 #   SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate.
-# See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+
+#   SSL Cipher Honor Order:
+#   On a busy HTTPS server you may want to enable this directive
+#   to force clients to use one of the faster ciphers like RC4-SHA
+#   or AES128-SHA in the order defined by SSLCipherSuite.
+#SSLHonorCipherOrder on 
 
 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If
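Review bot: The new `SSLCipherSuite` line excludes anonymous key exchange only through `!ADH`, so on an OpenSSL build that offers anonymous ECDH suites `ALL` could still admit unauthenticated ciphers. `!aNULL` covers both families and would be the safer token: `SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL`. The leading `RC4-SHA:AES128-SHA` preference only binds once `SSLHonorCipherOrder on` is uncommented, because otherwise the client's order is used, and the new comment justifies the ordering by speed alone. A line such as `#   Without this directive the client's cipher preference order is used.` would make that explicit. RC4 has since been prohibited for TLS (RFC 7465), so anyone reusing this default today should drop `RC4-SHA` from the list.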

