Re: SSL/TLS best current practice

2015-05-27 Thread Andy Wang
Here's my proposed comment to inject in trunk/2.4/2.2 default httpd-ssl.conf - any adjustments here? # httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, # while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. +1 Agreed +1. That's nice and

Re: SSL/TLS best current practice

2015-05-27 Thread William A Rowe Jr
On Tue, May 26, 2015 at 11:45 AM, Andy Wang aw...@ptc.com wrote: On 05/26/2015 11:25 AM, William A Rowe Jr wrote: On Tue, May 26, 2015 at 10:45 AM, Yann Ylavic ylavic@gmail.com wrote: On Tue, May 26, 2015 at 5:29 PM, Andy Wang aw...@ptc.com

Re: SSL/TLS best current practice

2015-05-27 Thread Yann Ylavic
On Wed, May 27, 2015 at 5:58 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On Tue, May 26, 2015 at 11:45 AM, Andy Wang aw...@ptc.com wrote: I initially thought openssl disabled the NULL ones by default but when i started playing with openssl cipher strings and saw them I got confused.

Re: SSL/TLS best current practice

2015-05-26 Thread William A Rowe Jr
On Tue, May 26, 2015 at 10:45 AM, Yann Ylavic ylavic@gmail.com wrote: On Tue, May 26, 2015 at 5:29 PM, Andy Wang aw...@ptc.com wrote: # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list.

Re: SSL/TLS best current practice

2015-05-26 Thread Yann Ylavic
On Tue, May 26, 2015 at 5:29 PM, Andy Wang aw...@ptc.com wrote: --- # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4

Re: SSL/TLS best current practice

2015-05-26 Thread Andy Wang
--- # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 !aNULL isn't needed?

Re: SSL/TLS best current practice

2015-05-26 Thread Andy Wang
On 05/26/2015 11:25 AM, William A Rowe Jr wrote: On Tue, May 26, 2015 at 10:45 AM, Yann Ylavic ylavic@gmail.com wrote: On Tue, May 26, 2015 at 5:29 PM, Andy Wang aw...@ptc.com wrote: # SSL Cipher Suite: # List

Re: SSL/TLS best current practice

2015-05-23 Thread Jeff Trawick
On 05/06/2015 07:22 PM, William A Rowe Jr wrote: Here is my proposed global config for httpd.conf.in for 2.4 and 2.2, which I believe mirrors the 'MUST' of RFC 7525. So new default configs are improved, and that's great. Any joint interest in maintaining a guide to

Re: SSL/TLS best current practice

2015-05-23 Thread Tim Bannister
On 23 May 2015, at 12:50, Jeff Trawick traw...@gmail.com wrote: On 05/06/2015 07:22 PM, William A Rowe Jr wrote: Here is my proposed global config for httpd.conf.in for 2.4 and 2.2, which I believe mirrors the 'MUST' of RFC 7525. So new default configs are improved, and that's great.

Re: SSL/TLS best current practice

2015-05-10 Thread Noel Butler
Thanks Christian. On 11/05/2015 01:57, Christian Seiler wrote: On 05/10/2015 03:26 AM, Noel Butler wrote: Can any SUSE and debian users confirm the current supported stable release supports 1.2? Currently, three Debian releases are still supported: - Debian Jessie (current

Re: SSL/TLS best current practice

2015-05-10 Thread Christian Seiler
On 05/10/2015 03:26 AM, Noel Butler wrote: Can any SUSE and debian users confirm the current supported stable release supports 1.2? Currently, three Debian releases are still supported: - Debian Jessie (current stable) * released 2015-04 - main support will end 2018-05

Re: SSL/TLS best current practice

2015-05-09 Thread Noel Butler
On 07/05/2015 12:17, William A Rowe Jr wrote: On May 6, 2015 9:09 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On May 6, 2015 8:12 PM, Noel Butler noel.but...@ausics.net wrote: On 07/05/2015 09:22, William A Rowe Jr wrote: For trunk, I propose we drop TLSv1 and TLSv1.1

Re: SSL/TLS best current practice

2015-05-09 Thread Noel Butler
On 10/05/2015 11:08, Reindl Harald wrote: On 10.05.2015 at 03:02, Noel Butler wrote: Either way, using slackware on all my servers it's trivial since the distro keeps pretty much up to date by design - unlike RH/debian and their kiddy versions who bring out new releases with 2+yo

Re: SSL/TLS best current practice

2015-05-09 Thread Reindl Harald
On 10.05.2015 at 03:02, Noel Butler wrote: Either way, using slackware on all my servers it's trivial since the distro keeps pretty much up to date by design - unlike RH/debian and their kiddy versions who bring out new releases with 2+yo libs and other goodies, I'd just hesitate to drop them,

Re: SSL/TLS best current practice

2015-05-06 Thread William A Rowe Jr
Here is my proposed global config for httpd.conf.in for 2.4 and 2.2, which I believe mirrors the 'MUST' of RFC 7525. This includes restoring the SSLProtocol -SSLv3 for 2.4 so that it is plainly visible, irrespective of system defaults. For trunk, I propose we drop TLSv1 and TLSv1.1 protocols and
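
The two checks this thread keeps returning to can be run locally: whether a cipher string such as HIGH:MEDIUM:!MD5:!RC4 still admits aNULL, eNULL or EXP suites on the OpenSSL actually in use (the "!aNULL isn't needed?" question, answered above by httpd 2.2.30/2.4.13+ appending the exclusions themselves), and whether an SSLProtocol value still leaves SSLv3 enabled, or TLSv1/TLSv1.1 for the trunk proposal. The script below is an added example, not httpd project code and not code posted by anyone in the thread. It assumes Python 3.6 or later linked against OpenSSL 1.1 or later (for the auth field returned by ssl.SSLContext.get_ciphers()), SAMPLE_CONF is a constructed fragment rather than a real httpd-ssl.conf, and the expansion of "all" follows the httpd 2.4 documentation's meaning (everything except SSLv2, with TLSv1.3 only on builds that have it).

```python
"""Audit mod_ssl cipher and protocol directives against the locally linked OpenSSL.

Added example, not httpd's code. ssl.SSLContext.set_ciphers() hands the cipher
string to OpenSSL exactly as mod_ssl would, and get_ciphers() reports what that
string really selects, which is the only reliable way to know whether a given
build admits anonymous (aNULL) suites for an explicit string like HIGH:MEDIUM.
"""
import ssl

# Constructed sample of the directives under discussion (not a real config file).
SAMPLE_CONF = """\
# SSL Cipher Suite:
SSLProtocol all -SSLv3
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
"""

WATCHED = ('SSLProtocol', 'SSLCipherSuite', 'SSLProxyCipherSuite')

# Assumption: httpd 2.4's meaning of "all" (everything but SSLv2; TLSv1.3 only
# on builds that support it). LEGACY lists the versions the thread wants gone.
ALL_PROTOCOLS = ('SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3')
LEGACY = ('SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.1')


def parse_directives(conf):
    """Return {directive: value} for the SSL* directives this audit looks at."""
    found = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        name, _, value = line.partition(' ')
        if name in WATCHED:
            found[name] = value.strip()
    return found


def protocol_problems(value):
    """Legacy protocol versions still enabled by an SSLProtocol value.

    Tokens are applied left to right: "all", "+X" / "X" enable, "-X" disables.
    """
    enabled = set()
    for tok in value.split():
        negate = tok.startswith('-')
        name = tok.lstrip('+-')
        members = ALL_PROTOCOLS if name.lower() == 'all' else (name,)
        if negate:
            enabled.difference_update(members)
        else:
            enabled.update(members)
    return [p for p in LEGACY if p in enabled]


def selected_ciphers(spec):
    """Expand a cipher string with the OpenSSL Python is linked against.

    TLS 1.3 suites are governed by set_ciphersuites(), not the cipher string,
    and always authenticate, so they are left out of the result.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return [c for c in ctx.get_ciphers() if c['protocol'] != 'TLSv1.3']


def weak_ciphers(spec):
    """Suites in `spec` from the classes the thread wants excluded: aNULL (no
    peer authentication), eNULL (no encryption), EXP (export strength), plus
    the RC4 and MD5 exclusions in the proposed default string."""
    bad = []
    for c in selected_ciphers(spec):
        name, desc = c['name'], c['description']
        anonymous = c.get('auth') == 'auth-null' or 'Au=None' in desc
        no_encryption = 'Enc=None' in desc
        export = name.startswith('EXP') or desc.rstrip().endswith('export')
        if anonymous or no_encryption or export or 'RC4' in name or 'MD5' in name:
            bad.append(name)
    return bad


def audit(conf):
    """Map each watched directive to the problems found in its value."""
    report = {}
    for name, value in parse_directives(conf).items():
        if name == 'SSLProtocol':
            report[name] = protocol_problems(value)
        else:
            report[name] = weak_ciphers(value)
    return report


if __name__ == '__main__':
    print('OpenSSL in use:', ssl.OPENSSL_VERSION)
    for directive, problems in audit(SAMPLE_CONF).items():
        print('%-22s %s' % (directive, ', '.join(problems) or 'ok'))
    # The suffix the thread says httpd 2.2.30/2.4.13+ append on your behalf:
    hardened = 'HIGH:MEDIUM:!MD5:!RC4:!aNULL:!eNULL:!EXP'
    print('%-22s %s' % ('with !aNULL:!eNULL:!EXP', ', '.join(weak_ciphers(hardened)) or 'ok'))
```

Run it on the httpd host itself, not a workstation, since the answer depends on which OpenSSL mod_ssl is linked against; on a pre-2.4.13 httpd the ADH/AECDH names it prints for the unmodified string are the suites an active attacker could negotiate with no certificate at all, and the fix is the explicit :!aNULL:!eNULL:!EXP suffix shown in the last line.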

Re: SSL/TLS best current practice

2015-05-06 Thread William A Rowe Jr
On May 6, 2015 9:09 PM, William A Rowe Jr wr...@rowe-clan.net wrote: On May 6, 2015 8:12 PM, Noel Butler noel.but...@ausics.net wrote: On 07/05/2015 09:22, William A Rowe Jr wrote: For trunk, I propose we drop TLSv1 and TLSv1.1 protocols and simply adopt the recommended cipher list

Re: SSL/TLS best current practice

2015-05-06 Thread Noel Butler
On 07/05/2015 09:22, William A Rowe Jr wrote: For trunk, I propose we drop TLSv1 and TLSv1.1 protocols and simply adopt the recommended cipher list illustrated below (!SSLv3) in the default extra/httpd-ssl.conf source, following the SHOULD recommendations. unless trunk is for the 2.6

Re: SSL/TLS best current practice

2015-05-06 Thread William A Rowe Jr
On May 6, 2015 8:12 PM, Noel Butler noel.but...@ausics.net wrote: On 07/05/2015 09:22, William A Rowe Jr wrote: For trunk, I propose we drop TLSv1 and TLSv1.1 protocols and simply adopt the recommended cipher list illustrated below (!SSLv3) in the default extra/httpd-ssl.conf source,