On Sun, 7 Jul 2013, Aaron Stellman wrote: > On Tue, Apr 23, 2013 at 09:08:19AM +0200, Otto Moerbeek wrote: > > If there is any interest, I might add the manual stuff, get ok's and > > commit it. > > I find it useful to have SSLHonorCipherOrder in OpenBSD's apache.
More than that, AFAIK it is necessary to mitigate some of the TLS crypto attacks. IMO it is well worth having. It would also be good if someone could make a patch to enable ECDHE cipher suites in Apache-1.x. This nginx patch is a good reference to what needs to be done: http://hg.nginx.org/nginx/rev/0832a6997227 -d
