Package: apache2.2-common

Version: 2.2.21-2
Severity: wishlist

Based on a lot of reading and testing, I've come up with what I believe
is a good combination of compatibility, security and speed for a mod_ssl
configuration:

  SSLProtocol TLSv1
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:HIGH:!kEDH

(We currently don't have any of the above directives in
/etc/apache2/sites-available/default-ssl so I'm proposing we add them.)

It removes weak ciphers, prefers the fast ones and protects against the
BEAST attack. See more details here:

  http://feeding.cloud.geek.nz/2011/11/ideal-openssl-configuration-for-apache.html

Cheers,
Francois
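
An added example, not part of the original report or of the Debian package: a small audit that checks whether a vhost file sets the three mod_ssl directives proposed above and whether their values match. The sample config and the function names are constructed for illustration; the check ignores `<VirtualHost>` scoping and line continuations.

```python
import re

# Values proposed in the bug report above.
PROPOSED = {
    "SSLProtocol": "TLSv1",
    "SSLHonorCipherOrder": "On",
    "SSLCipherSuite": "RC4-SHA:HIGH:!kEDH",
}

# Constructed sample vhost, not the real Debian default-ssl file.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLEngine on
    sslprotocol all -SSLv2
    # SSLCipherSuite RC4-SHA:HIGH:!kEDH
    SSLCertificateFile /etc/ssl/certs/example.pem
</VirtualHost>
"""

def parse_ssl_directives(conf_text):
    """Return {directive: value}, last uncommented occurrence wins.
    Apache directive names are case-insensitive."""
    canon = {name.lower(): name for name in PROPOSED}
    found = {}
    for raw in conf_text.splitlines():
        # Lines starting with '#' or '<' do not match: first token must be a word.
        m = re.match(r"\s*([A-Za-z]\w*)\s+(.+?)\s*$", raw)
        if m and m.group(1).lower() in canon:
            found[canon[m.group(1).lower()]] = m.group(2).strip("\"'")
    return found

def _norm(name, value):
    # Cipher names are case-sensitive; protocol and On/Off tokens are not.
    return value if name == "SSLCipherSuite" else value.lower().split()

def audit(conf_text):
    """Return [(directive, 'ok' | 'differs' | 'missing', actual_value)]."""
    found = parse_ssl_directives(conf_text)
    report = []
    for name, want in PROPOSED.items():
        have = found.get(name)
        status = ("missing" if have is None
                  else "ok" if _norm(name, have) == _norm(name, want)
                  else "differs")
        report.append((name, status, have))
    return report

if __name__ == "__main__":
    for name, status, have in audit(SAMPLE_CONF):
        print(f"{name:22} {status:8} {have or ''}")
```

The values in `PROPOSED` are the ones from this 2011 report; RC4 has since been prohibited for TLS by RFC 7465, so replace them with a current baseline before using the check on a live server.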


