----- Original Message ----- > On 14.11.2011 15:46, William A. Rowe Jr. wrote: > > Isn't it similarly time to deploy SSLProtocol -SSLv2 by default? > > Oh yes, definitely. I didn't realize that "all" is still the default > for > SSLProtocol... for trunk and 2.4, I would suggest to change the > defaults > in the code. In decreasing order of preference: > > - completely drop SSLv2 support > > - change the default (in modssl_ctx_init) to > SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV2
+1 > The first option also means that we would "comply" with RFC 6176 (in > case someone complains about mod_ssl dropping support for a clearly > outdated and insecure protocol). > > Kaspar > -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: [email protected] URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
