Commit ac4a095c authored by wrowe's avatar wrowe
Browse files

Clarify the change to the default cipher suite lists 

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1682099 13f79535-47bb-0310-9956-ffa450edef68
parent b53f3df4

docs/conf/extra/httpd-ssl.conf.in

+2 −0
Original line number Diff line number Diff line
@@ -54,6 +54,8 @@ AddType application/x-pkcs7-crl .crl 
#   and that httpd will negotiate as the client of a proxied server.

#   See the OpenSSL documentation for a complete list of ciphers, and

#   ensure these follow appropriate best practices for this deployment.

#   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,

#   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4