[apache2] 03/03: Add some comments about SSLHonorCipherOrder in ssl.conf

Stefan Fritsch sf at moszumanska.debian.org
Sun Sep 28 12:32:25 UTC 2014


This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch master
in repository apache2.

commit 1d87460be9d91b425acaf3aab490e63edf1c0b68
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sun Sep 28 14:27:33 2014 +0200

    Add some comments about SSLHonorCipherOrder in ssl.conf
---
 debian/changelog                          | 1 +
 debian/config-dir/mods-available/ssl.conf | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f2de033..c2d288d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
 apache2 (2.4.10-3) UNRELEASED; urgency=medium
 
   * Include mod_authnz_fcgi. Closes: #762908
+  * Add some comments about SSLHonorCipherOrder in ssl.conf. Closes: #746359
   * Remove misleading sentence in apache2-bin's description. Closes: #762645
   * Remove trailing space in apache2/suexec/www-data. Closes: #719930
   * Add NEWS entry for the logrotate change in 2.4.10-2.
diff --git a/debian/config-dir/mods-available/ssl.conf b/debian/config-dir/mods-available/ssl.conf
index 2df2338..a0d7adc 100644
--- a/debian/config-dir/mods-available/ssl.conf
+++ b/debian/config-dir/mods-available/ssl.conf
@@ -58,6 +58,15 @@
 	#   Enable only secure ciphers:
 	SSLCipherSuite HIGH:!aNULL
 
+	# SSL server cipher order preference:
+	# Use server priorities for cipher algorithm choice.
+	# Clients may prefer lower grade encryption.  You should enable this
+	# option if you want to enforce stronger encryption, and can afford
+	# the CPU cost, and did not override SSLCipherSuite in a way that puts
+	# insecure ciphers first.
+	# Default: Off
+	#SSLHonorCipherOrder on
+
 	#   The protocols to enable.
 	#   Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
 	#   SSL v2  is no longer supported
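Review bot: The added comment block gives `Default: Off` but never says what that default means in practice: with `#SSLHonorCipherOrder on` left commented out, the client's preference order decides among everything `SSLCipherSuite HIGH:!aNULL` permits. I would add a line such as `# When off, the client's cipher preference order is used.` just above `# Default: Off`, so an admin can see what enabling the directive changes. As a style point, the new lines use `# ` while the neighbouring context comments (`#   Enable only secure ciphers:`, `#   The protocols to enable.`) use `#   `; matching that indent would keep the file consistent. The lines are tab-indented, so the enclosing configuration block presumably opens and closes outside this hunk.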

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git


