Skip to content
  1. May 16, 2017
    • William A. Rowe Jr's avatar
      Remove 3DES by default for users of older crypto librarys; the cipher · 50af83b2
      William A. Rowe Jr authored
      has been reclassified in current OpenSSL releases as WEAK due to 112
      or fewer bits of remaining cipher strength, while the Sweet32 disclosure
      extended the criticism of RC4 on to 3DES. (IDEA, which potentially has the
      same issue, is never enabled by default in OpenSSL, due to patent concerns.)
      
      This commit does not change default httpd behavior, but alters the suggested
      behavior of newly provisioned httpd servers. Where adopted, XP with IE8 will
      no longer handshake with mod_ssl (previously, XP with IE6 would not handshake.)
      The same net effect occurs where OpenSSL is updated to 1.1.0.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1795360 13f79535-47bb-0310-9956-ffa450edef68
      50af83b2
  2. May 06, 2017
  3. Feb 17, 2017
  4. Feb 07, 2017
  5. Jan 21, 2017
  6. Jan 19, 2017
  7. Jan 15, 2017
  8. Jan 14, 2017
  9. Jan 09, 2017
  10. Jan 08, 2017
  11. Jan 07, 2017
  12. Jan 06, 2017
  13. Jan 05, 2017