On Sun, Dec 26, 2021 at 2:59 PM Yann Ylavic <ylavic....@gmail.com> wrote: > > On Sat, Dec 25, 2021 at 10:12 AM <jaillet...@apache.org> wrote: > > > > <directivesynopsis> > > <name>TLSHonorClientOrder</name> > > - <description></description> > > + <description>determines if the order of ciphers supported by the > > client is honored</description> > > <syntax>TLSHonorClientOrder on|off</syntax> > > + <default>TLSHonorClientOrder on</default> > > Not about this particular commit but this caught my eyes. > TLSHonorClientOrder seems to be the reverse of SSLHonorCipherOrder in > mod_ssl (i.e. SSL_OP_CIPHER_SERVER_PREFERENCE) which is "off" by > default (for legacy reasons I think) but usually recommended as "on". > > So I wonder, shouldn't TLSHonorClientOrder default to "off" since > there is no compat issue with mod_tls?
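Review bot: the added <description> only says the directive "determines if" the client's cipher order is honored and never states what each value selects. Spell out that "on" follows the client's order and "off" applies the server's preference, and capitalize the first word of the description. The added <default> line records "on", so if the default is changed as discussed in this thread, that line has to be updated with it.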
I think OFF (server's preference) is the most reasonable default.