May I gently ask if there is still a chance for this backport or even regular update of apache2 to happen for Wheezy?

ECDHE ciphers are being adopted rapidly all over the internet. I believe Debian Wheezy, with its many installations at ISPs or hosting providers, would really make a difference here towards much more PFS being used and without a (massive) performance drawback.

May I stress the point that this "problem" is caused only by the version of apache2 and not the underlying ssl libraries. Those very much are up to date on ECDHE ciphers. And there was a reason the apache folks decided to backport EC support to their 2.2 tree.

On Mon, 30 Dec 2013 15:23:17 +0100 Kurt Roeckx wrote:
> About the only thing not supporting ECDHE is java 6 and internet
> explorer on windows XP. Internet explorer is also the only one
> that doesn't have ECDHE (or even DHE) at the top of the preferred
> ciphers.
>
> That means that all other browsers that are tracked there have
> support for ECDHE and have it as most preferred cipher.
>
> MacOS had a problem with the ECDSA version of it, which seems
> surprisingly popular, but it was fixed. But I was under the
> impression that apple didn't encourage users to upgrade when it
> was fixed. I'm not sure if that changed in the meantime.

The arguments regarding problems on various clients are simply a matter of sensible defaults (for the discussed update or backport of the apache2 package) and then a sensible configuration for the particular installation or use case.

But, most browser problems with ciphers should have been fixed in the meantime. With every new browser version, be it FF or Chrome or whatever, stronger crypto is enabled or even forced.

Thanks for your work

Regards
Christian