From b41bf3dbf0137ac118e99f8567de5766d584b900 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Mon, 13 Jun 2011 19:21:57 +0000 Subject: [PATCH] Disable AECDH ciphers in example config by using !aNULL (which includes all ciphers without authentication. PR: 51363 Submitted by: Rob Stradling git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1135234 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ docs/conf/extra/httpd-ssl.conf.in | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index b704e4ce61..30cb0b95ff 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.3.13 + *) mod_ssl: Disable AECDH ciphers in example config. PR 51363. + [Rob Stradling ] + *) core: Introduce new function ap_get_conn_socket() to access the socket of a connection. [Stefan Fritsch] diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in index da95338c89..4012b6d131 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -48,7 +48,7 @@ Listen @@SSLPort@@ # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL +SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL # SSL Cipher Honor Order: # On a busy HTTPS server you may want to enable this directive -- 2.40.0