On 21.07.2010 14:54, "Plüm, Rüdiger, VF-Group" wrote:
-----Original Message-----
From: Rainer Jung
Sent: Mittwoch, 21. Juli 2010 14:46
To: dev@httpd.apache.org
Subject: Re: svn commit: r966055 -
/httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
On 21.07.2010 12:59, Igor Galić wrote:
+SSLCipherSuite
RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
Reminds me a bit of:
http://journal.paul.querna.org/articles/2010/07/10/overclockin
g-mod_ssl/
Can't we simplify that to:
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5
Since it's basically the same:
i.ga...@panic ~/Projects/asf/httpd (svn)-[trunk:966169] %
openssl ciphers 'RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5'|md5sum -
c1977a5b8a9cea42329be929398c6941 -
i.ga...@panic ~/Projects/asf/httpd (svn)-[trunk:966169] %
openssl ciphers
'RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL' | md5sum -
c1977a5b8a9cea42329be929398c6941 -
OpenSSL experts might want to disagree with me at this point.
Not an openssl expert, but: depending on the build options
and openssl
version, e.g. IDEA-CBC-SHA is part of the longer cipher
suite, but not
part of yours (checked for 0.9.8o).
Given that, lets stay with the old setting.
Rüdiger: could you please clarify: old means the one I committed earlier
today (r966055), or the one that was in place before my change?
Regards,
Rainer