On 06.10.2011 10:58, Rainer Jung wrote: > On 02.10.2011 09:07, William A. Rowe Jr. wrote: >> -1 in this respect; faster is not more secure. We must default to setting >> the strictest cipher choices, with a commented-out "this is faster, but far >> less secure" alternative for those with less targeted assets. >> >> If someone is enabling mod_ssl, it is to secure their traffic, not to speed >> up their server. >> >> And no, MD4, although immune to *this* vector, is simply not preferable. > > Our current 2.2.x SSLCipherSuite contains e.g. SSLv2 and export ciphers. > So there is a need to improve. My suggestion is a straight backport from > trunk. > > So what is the "strictest cipher choice" you suggest?
Assuming s/MD4/RC4/ in Bill's message, it seems that SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 would be more appropriate for mod_ssl's default config. I agree that the current SSLCipherSuite default in 2.2.x should be improved (yes, right now it even includes suites with 40-bit encryption!), but giving specific precedence to RC4-SHA and AES128-SHA doesn't really feel right for a default config file. [1] Kaspar [1] in trunk, the SSLCipherSuite change in r966160 was inspired by http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/, which is basically favoring speed over cryptographic strength.