From: Stefan Fritsch <sf@apache.org>
Date: Mon, 13 Jun 2011 19:21:57 +0000 (+0000)
Subject: Disable AECDH ciphers in example config by using !aNULL (which includes
X-Git-Tag: 2.3.13~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b41bf3dbf0137ac118e99f8567de5766d584b900;p=thirdparty%2Fapache%2Fhttpd.git

Disable AECDH ciphers in example config by using !aNULL (which includes
all ciphers without authentication.

PR: 51363
Submitted by: Rob Stradling <rob comodo com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1135234 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index b704e4ce61f..30cb0b95ff4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.13
 
+  *) mod_ssl: Disable AECDH ciphers in example config. PR 51363.
+     [Rob Stradling <rob comodo com>]
+
   *) core: Introduce new function ap_get_conn_socket() to access the socket of
      a connection. [Stefan Fritsch]
 
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index da95338c89f..4012b6d131b 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -48,7 +48,7 @@ Listen @@SSLPort@@
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
 
 #   SSL Cipher Honor Order:
 #   On a busy HTTPS server you may want to enable this directive