From: William A. Rowe Jr <wrowe@apache.org>
Date: Wed, 27 May 2015 18:59:59 +0000 (+0000)
Subject: Clarify the change to the default cipher suite lists
X-Git-Tag: 2.2.30~49
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f93e4f6ee59c7ceafe547b79f534b8133acd785e;p=thirdparty%2Fapache%2Fhttpd.git

Clarify the change to the default cipher suite lists

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1682099 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index df71ec9d8c3..3eeb8de1b96 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -54,6 +54,8 @@ AddType application/x-pkcs7-crl    .crl
 #   and that httpd will negotiate as the client of a proxied server.
 #   See the OpenSSL documentation for a complete list of ciphers, and
 #   ensure these follow appropriate best practices for this deployment.
+#   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
+#   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
 SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4