Package: apache2
Version: 2.2.21-5

Hi,

The BEAST vulnerability [1] "can be prevented by removing all CBC ciphers from your list of allowed ciphers—leaving only the RC4 cipher". But as this can break some old browsers that don't support RC4 (I couldn't name one, sorry), I propose instead to pop RC4 to the top of the list:

-SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5
+SSLCipherSuite RC4:HIGH:MEDIUM:!ADH:!MD5:!SSLv2

(this almost-patch also disables SSLv2 ciphers)

[1]: http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0

--
Mathieu Parent

Archive: http://lists.debian.org/cafx5sbzp39539ox_dx1oc__bsl3o5s7snup5kaj9l03ms6p...@mail.gmail.com
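
Review bot: On the `+SSLCipherSuite` line, moving RC4 to the front only states the server's order of preference, and nothing in this change makes the server enforce that order. mod_ssl follows the client's preference unless `SSLHonorCipherOrder on` is set, so a client that lists a CBC suite first would still negotiate it; add that directive next to the new cipher list. The `!SSLv2` addition is independent of the RC4 reordering and would be easier to review and revert as a separate change.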

