- update default SSLCipherSuite per upstream trunk

httpd.spec

@@ -7,7 +7,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.2.17
-Release: 5%{?dist}
+Release: 6%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -486,6 +486,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/httpd/build/*.sh
 
 %changelog
+* Sat Jan  8 2011 Joe Orton <jorton@redhat.com> - 2.2.17-6
+- update default SSLCipherSuite per upstream trunk
+
 * Wed Jan  5 2011 Joe Orton <jorton@redhat.com> - 2.2.17-5
 - fix requires (#667397)
 

ssl.conf

@@ -94,9 +94,15 @@ SSLEngine on
 SSLProtocol all -SSLv2
 
 #   SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate.
+#   List the ciphers that the client is permitted to negotiate.
-# See the mod_ssl documentation for a complete list.
+#   See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+
+#   SSL Cipher Honor Order:
+#   On a busy HTTPS server you may want to enable this directive
+#   to force clients to use one of the faster ciphers like RC4-SHA
+#   or AES128-SHA in the order defined by SSLCipherSuite.
+#SSLHonorCipherOrder on 
 
 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If