Clarify the change to the default cipher suite lists

author William A. Rowe Jr <wrowe@apache.org>

Wed, 27 May 2015 18:59:59 +0000 (18:59 +0000)

committer William A. Rowe Jr <wrowe@apache.org>

Wed, 27 May 2015 18:59:59 +0000 (18:59 +0000)
author William A. Rowe Jr <wrowe@apache.org>
Wed, 27 May 2015 18:59:59 +0000 (18:59 +0000)
committer William A. Rowe Jr <wrowe@apache.org>
Wed, 27 May 2015 18:59:59 +0000 (18:59 +0000)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in

index df71ec9d8c325a62885400d821fda7c931eb094a..3eeb8de1b966a4bd76a7163cfd0f13408a74dfaa 100644 (file)
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -54,6 +54,8 @@ AddType application/x-pkcs7-crl    .crl
  #   and that httpd will negotiate as the client of a proxied server.
  #   See the OpenSSL documentation for a complete list of ciphers, and
  #   ensure these follow appropriate best practices for this deployment.
+#   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
+#   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
  SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
  SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
author	William A. Rowe Jr <wrowe@apache.org>
	Wed, 27 May 2015 18:59:59 +0000 (18:59 +0000)
committer	William A. Rowe Jr <wrowe@apache.org>
	Wed, 27 May 2015 18:59:59 +0000 (18:59 +0000)