Remove 3DES by default for users of older crypto librarys; the cipher
has been reclassified in current OpenSSL releases as WEAK due to 112 or fewer bits of remaining cipher strength, while the Sweet32 disclosure extended the criticism of RC4 on to 3DES. (IDEA, which potentially has the same issue, is never enabled by default in OpenSSL, due to patent concerns.) This commit does not change default httpd behavior, but alters the suggested behavior of newly provisioned httpd servers. Where adopted, XP with IE8 will no longer handshake with mod_ssl (previously, XP with IE6 would not handshake.) The same net effect occurs where OpenSSL is updated to 1.1.0. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1795359 13f79535-47bb-0310-9956-ffa450edef68
parent
53463dbf
Please register or sign in to comment