On Sat, Dec 25, 2021 at 10:12 AM <jaillet...@apache.org> wrote: > > <directivesynopsis> > <name>TLSHonorClientOrder</name> > - <description></description> > + <description>determines if the order of ciphers supported by the > client is honored</description> > <syntax>TLSHonorClientOrder on|off</syntax> > + <default>TLSHonorClientOrder on</default>
Not about this particular commit but this caught my eyes. TLSHonorClientOrder seems to be the reverse of SSLHonorCipherOrder in mod_ssl (i.e. SSL_OP_CIPHER_SERVER_PREFERENCE) which is "off" by default (for legacy reasons I think) but usually recommended as "on". So I wonder, shouldn't TLSHonorClientOrder default to "off" since there is no compat issue with mod_tls? Cheers; Yann.
