Aaron Stellman <[email protected]> writes: > As you may or may not know, SSLHonorCipherOrder is supported since > apache 2.1. > > This diff ports this feature to OpenBSD's httpd. Its effects can be > tested @ https://www.ssllabs.com/ssltest/analyze.html?d=example.com by > playing with SSLHonorCipherOrder/SSLCipherSuite directives.
Otto Moerbeek had already done work about this, but no one commented on the mailing-list: http://marc.info/?l=openbsd-tech&m=136670100711787&w=2 > SSLHonorCipherOrder directive is useful for prioritizing certain crypto > parameters over others. I use to to prioritize GCM over RC4, and RC4 > over CBC based ciphers to reduce chance of BEAST attack. > > It's documented @ > http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslhonorcipherorder > > This diff is adapted from r103832 @ > http://svn.apache.org/repos/asf/httpd (subversion) Does that mean that the code is constrained by the Apache 2.0 licence? -- Jérémie Courrèges-Anglas PGP Key fingerprint: 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
