From: William A. Rowe Jr Date: Tue, 5 May 2015 01:29:23 +0000 (+0000) Subject: Unassociated correction, to globalize the default suggested SSLProtocol X-Git-Tag: 2.2.30~131 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f065fadc2861b3809b6798accbd1977e32241ca7;p=thirdparty%2Fapache%2Fhttpd.git Unassociated correction, to globalize the default suggested SSLProtocol directive disabling SSLv2. Not strictly required since this is now the global default. This directive should travel with SSLCipherSuite, however it no longer existed in the corresponding commits to trunk/ and 2.4.x/. Applied C-T-R following docs/ process. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1677722 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in index 2ef2ab0be5b..e04f98c2439 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -67,6 +67,11 @@ SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on +# SSL Protocol support: +# List the protocol versions which clients are allowed to +# connect with. Disable SSLv2 by default (cf. RFC 6176). +SSLProtocol all -SSLv2 + # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal @@ -102,11 +107,6 @@ TransferLog "@exp_logfiledir@/access_log" # Enable/Disable SSL for this virtual host. SSLEngine on -# SSL Protocol support: -# List the protocol versions which clients are allowed to -# connect with. Disable SSLv2 by default (cf. RFC 6176). -SSLProtocol all -SSLv2 - # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a