From c0bdfa464b7c8b7d202b7a7ab31bc0e4b06a33fc Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Fri, 20 Jun 2014 10:54:36 +0100 Subject: [PATCH] mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119) Resolves: rhbz#1109119 --- httpd.spec | 5 ++++- ssl.conf | 8 +++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/httpd.spec b/httpd.spec index b14d656..d6acac2 100644 --- a/httpd.spec +++ b/httpd.spec @@ -14,7 +14,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.9 -Release: 4%{?dist} +Release: 5%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -624,6 +624,9 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Fri Jun 20 2014 Joe Orton - 2.4.9-5 +- mod_ssl: don't use the default OpenSSL cipher suite in ssl.conf (#1109119) + * Sat Jun 07 2014 Fedora Release Engineering - 2.4.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild diff --git a/ssl.conf b/ssl.conf index ff60307..5c9b652 100644 --- a/ssl.conf +++ b/ssl.conf @@ -75,9 +75,11 @@ SSLEngine on SSLProtocol all -SSLv2 # SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +# By leaving this directive commented out, the system-wide OpenSSL +# default is used. See update-crypto-policies(8) for more details. +#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.),