> -----Original Message----- > From: Rainer Jung > Sent: Mittwoch, 21. Juli 2010 14:46 > To: dev@httpd.apache.org > Subject: Re: svn commit: r966055 - > /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in > > On 21.07.2010 12:59, Igor Galić wrote: > > > > > > +SSLCipherSuite > RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL > > Reminds me a bit of: > http://journal.paul.querna.org/articles/2010/07/10/overclockin > g-mod_ssl/ > > > > Can't we simplify that to: > > > > SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5 > > > > Since it's basically the same: > > > > i.ga...@panic ~/Projects/asf/httpd (svn)-[trunk:966169] % > openssl ciphers 'RC4-SHA:AES128-SHA:HIGH:!ADH:!MD5'|md5sum - > > c1977a5b8a9cea42329be929398c6941 - > > i.ga...@panic ~/Projects/asf/httpd (svn)-[trunk:966169] % > openssl ciphers > 'RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL' | md5sum - > > c1977a5b8a9cea42329be929398c6941 - > > > > OpenSSL experts might want to disagree with me at this point. > > Not an openssl expert, but: depending on the build options > and openssl > version, e.g. IDEA-CBC-SHA is part of the longer cipher > suite, but not > part of yours (checked for 0.9.8o).
Given that, lets stay with the old setting. Regards Rüdiger
