From 0e9583d1593c12364e0a5bdf2b5cae0e1949e3c5 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Sat, 8 Jan 2011 08:41:29 +0000 Subject: [PATCH] - update default SSLCipherSuite per upstream trunk --- httpd.spec | 5 ++++- ssl.conf | 12 +++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/httpd.spec b/httpd.spec index 3eb1398..e1645ba 100644 --- a/httpd.spec +++ b/httpd.spec @@ -7,7 +7,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.2.17 -Release: 5%{?dist} +Release: 6%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -486,6 +486,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/httpd/build/*.sh %changelog +* Sat Jan 8 2011 Joe Orton - 2.2.17-6 +- update default SSLCipherSuite per upstream trunk + * Wed Jan 5 2011 Joe Orton - 2.2.17-5 - fix requires (#667397) diff --git a/ssl.conf b/ssl.conf index 07fe32b..384c354 100644 --- a/ssl.conf +++ b/ssl.conf @@ -94,9 +94,15 @@ SSLEngine on SSLProtocol all -SSLv2 # SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL + +# SSL Cipher Honor Order: +# On a busy HTTPS server you may want to enable this directive +# to force clients to use one of the faster ciphers like RC4-SHA +# or AES128-SHA in the order defined by SSLCipherSuite. +#SSLHonorCipherOrder on # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If