Here's my proposed comment to inject in trunk/2.4/2.2 default httpd-ssl.conf - any adjustments here? # httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, # while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.+1
Agreed +1. That's nice and informative.I couldn't tell from the discussion if this config was being pushed in to 2.2. It is? If so, that's great. It'll help me justify pushing it to our customer shipping installations.
