[httpd] mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)
jorton
jorton at fedoraproject.org
Fri Jun 20 09:54:41 UTC 2014
commit c0bdfa464b7c8b7d202b7a7ab31bc0e4b06a33fc
Author: Joe Orton <jorton at redhat.com>
Date: Fri Jun 20 10:54:36 2014 +0100
mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)
Resolves: rhbz#1109119
httpd.spec | 5 ++++-
ssl.conf | 8 +++++---
2 files changed, 9 insertions(+), 4 deletions(-)
---
diff --git a/httpd.spec b/httpd.spec
index b14d656..d6acac2 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -14,7 +14,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.9
-Release: 4%{?dist}
+Release: 5%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html
@@ -624,6 +624,9 @@ rm -rf $RPM_BUILD_ROOT
%{_rpmconfigdir}/macros.d/macros.httpd
%changelog
+* Fri Jun 20 2014 Joe Orton <jorton at redhat.com> - 2.4.9-5
+- mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
diff --git a/ssl.conf b/ssl.conf
index ff60307..5c9b652 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -75,9 +75,11 @@ SSLEngine on
SSLProtocol all -SSLv2
# SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate.
-# See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+# By leaving this directive commented out, the system-wide OpenSSL
+# default is used. See update-crypto-policies(8) for more details.
+#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
More information about the scm-commits
mailing list