[httpd] mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)

[jorton]

commit c0bdfa464b7c8b7d202b7a7ab31bc0e4b06a33fc
Author: Joe Orton <jorton at redhat.com>
Date:   Fri Jun 20 10:54:36 2014 +0100

    mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)
    
    Resolves: rhbz#1109119

 httpd.spec |    5 ++++-
 ssl.conf   |    8 +++++---
 2 files changed, 9 insertions(+), 4 deletions(-)
---
diff --git a/httpd.spec b/httpd.spec
index b14d656..d6acac2 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -14,7 +14,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.9
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -624,6 +624,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Fri Jun 20 2014 Joe Orton <jorton at redhat.com> - 2.4.9-5
+- mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119)
+
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.9-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 
diff --git a/ssl.conf b/ssl.conf
index ff60307..5c9b652 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -75,9 +75,11 @@ SSLEngine on
 SSLProtocol all -SSLv2
 
 #   SSL Cipher Suite:
-#   List the ciphers that the client is permitted to negotiate.
-#   See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+# By leaving this directive commented out, the system-wide OpenSSL
+# default is used.  See update-crypto-policies(8) for more details.
+#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 
 #   Speed-optimized SSL Cipher configuration:
 #   If speed is your main concern (on busy HTTPS servers e.g.),