Disable AECDH ciphers in example config by using !aNULL (which includes

author Stefan Fritsch <sf@apache.org>

Mon, 13 Jun 2011 19:21:57 +0000 (19:21 +0000)

committer Stefan Fritsch <sf@apache.org>

Mon, 13 Jun 2011 19:21:57 +0000 (19:21 +0000)
author Stefan Fritsch <sf@apache.org>
Mon, 13 Jun 2011 19:21:57 +0000 (19:21 +0000)
committer Stefan Fritsch <sf@apache.org>
Mon, 13 Jun 2011 19:21:57 +0000 (19:21 +0000)
diff --git a/CHANGES b/CHANGES

index b704e4ce61f5719fa25399bad59434934a75242c..30cb0b95ff42675f40b6d438a1ddd9bcf411d8a6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
  
  Changes with Apache 2.3.13
  
+  *) mod_ssl: Disable AECDH ciphers in example config. PR 51363.
+     [Rob Stradling <rob comodo com>]
+
    *) core: Introduce new function ap_get_conn_socket() to access the socket of
       a connection. [Stefan Fritsch]
  
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in

index da95338c89fe0993e60e3b745b2c1641bd4121a8..4012b6d131b3e5efbc684d295e3ec46933556b9b 100644 (file)
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -48,7 +48,7 @@ Listen @@SSLPort@@
  #   SSL Cipher Suite:
  #   List the ciphers that the client is permitted to negotiate.
  #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
  
  #   SSL Cipher Honor Order:
  #   On a busy HTTPS server you may want to enable this directive
author	Stefan Fritsch <sf@apache.org>
	Mon, 13 Jun 2011 19:21:57 +0000 (19:21 +0000)
committer	Stefan Fritsch <sf@apache.org>
	Mon, 13 Jun 2011 19:21:57 +0000 (19:21 +0000)
CHANGES		patch \| blob \| blame \| history
docs/conf/extra/httpd-ssl.conf.in		patch \| blob \| blame \| history