]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f305c0e) | patch
Remove 3DES by default for users of older crypto librarys; the cipher
authorWilliam A. Rowe Jr <wrowe@apache.org>
Tue, 16 May 2017 19:33:36 +0000 (19:33 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Tue, 16 May 2017 19:33:36 +0000 (19:33 +0000)
commit731634283933cda8c94f27b953f41e0e325db923
tree5b91685c0ef272881f94ce12dc3b763108fb4035tree
parentf305c0ed07d3840d25683fb30422b3e77dcccc4ccommit | diff
Remove 3DES by default for users of older crypto librarys; the cipher
has been reclassified in current OpenSSL releases as WEAK due to 112
or fewer bits of remaining cipher strength, while the Sweet32 disclosure
extended the criticism of RC4 on to 3DES. (IDEA, which potentially has the
same issue, is never enabled by default in OpenSSL, due to patent concerns.)

This commit does not change default httpd behavior, but alters the suggested
behavior of newly provisioned httpd servers. Where adopted, XP with IE8 will
no longer handshake with mod_ssl (previously, XP with IE6 would not handshake.)
The same net effect occurs where OpenSSL is updated to 1.1.0.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1795358 13f79535-47bb-0310-9956-ffa450edef68
docs/conf/extra/httpd-ssl.conf.in diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git