On 10/7/2011 12:05 AM, Kaspar Brand wrote: > On 06.10.2011 10:58, Rainer Jung wrote: >> On 02.10.2011 09:07, William A. Rowe Jr. wrote: >>> -1 in this respect; faster is not more secure. We must default to setting >>> the strictest cipher choices, with a commented-out "this is faster, but far >>> less secure" alternative for those with less targeted assets. >>> >>> If someone is enabling mod_ssl, it is to secure their traffic, not to speed >>> up their server. >>> >>> And no, MD4, although immune to *this* vector, is simply not preferable. >> >> Our current 2.2.x SSLCipherSuite contains e.g. SSLv2 and export ciphers. >> So there is a need to improve. My suggestion is a straight backport from >> trunk. >> >> So what is the "strictest cipher choice" you suggest? > > Assuming s/MD4/RC4/ in Bill's message, it seems that > > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 > > would be more appropriate for mod_ssl's default config. > > I agree that the current SSLCipherSuite default in 2.2.x should be > improved (yes, right now it even includes suites with 40-bit > encryption!), but giving specific precedence to RC4-SHA and AES128-SHA > doesn't really feel right for a default config file. [1] > > Kaspar > > [1] in trunk, the SSLCipherSuite change in r966160 was inspired by > http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/, > which > is basically favoring speed over cryptographic strength.
Exactly... we should default to a server with a preference for cryptographic strength, but I have no objection to offering a commented-out, clearly documented 'alternative' configuration favoring performance, provided that is clearly labeled as 'not for sensitive data'.
