[apache2] 03/03: Add some comments about SSLHonorCipherOrder in ssl.conf
Stefan Fritsch
sf at moszumanska.debian.org
Sun Sep 28 12:32:25 UTC 2014
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch master
in repository apache2.
commit 1d87460be9d91b425acaf3aab490e63edf1c0b68
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sun Sep 28 14:27:33 2014 +0200
Add some comments about SSLHonorCipherOrder in ssl.conf
---
debian/changelog | 1 +
debian/config-dir/mods-available/ssl.conf | 9 +++++++++
2 files changed, 10 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index f2de033..c2d288d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
apache2 (2.4.10-3) UNRELEASED; urgency=medium
* Include mod_authnz_fcgi. Closes: #762908
+ * Add some comments about SSLHonorCipherOrder in ssl.conf. Closes: #746359
* Remove misleading sentence in apache2-bin's description. Closes: #762645
* Remove trailing space in apache2/suexec/www-data. Closes: #719930
* Add NEWS entry for the logrotate change in 2.4.10-2.
diff --git a/debian/config-dir/mods-available/ssl.conf b/debian/config-dir/mods-available/ssl.conf
index 2df2338..a0d7adc 100644
--- a/debian/config-dir/mods-available/ssl.conf
+++ b/debian/config-dir/mods-available/ssl.conf
@@ -58,6 +58,15 @@
# Enable only secure ciphers:
SSLCipherSuite HIGH:!aNULL
+ # SSL server cipher order preference:
+ # Use server priorities for cipher algorithm choice.
+ # Clients may prefer lower grade encryption. You should enable this
+ # option if you want to enforce stronger encryption, and can afford
+ # the CPU cost, and did not override SSLCipherSuite in a way that puts
+ # insecure ciphers first.
+ # Default: Off
+ #SSLHonorCipherOrder on
+
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list