On 05/26/2015 11:25 AM, William A Rowe Jr wrote:
On Tue, May 26, 2015 at 10:45 AM, Yann Ylavic <ylavic....@gmail.com <mailto:ylavic....@gmail.com>> wrote: On Tue, May 26, 2015 at 5:29 PM, Andy Wang <aw...@ptc.com <mailto:aw...@ptc.com>> wrote: > >> # SSL Cipher Suite: >> # List the ciphers that the client is permitted to negotiate. >> # See the mod_ssl documentation for a complete list. >> SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 >> SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 > > !aNULL isn't needed? No since !aNULL:!eNULL:!EXP is forcibly added to the configured ciphersuite. A legitimate question, however. The example should document this IMHO. Getting right on that.
I initially thought openssl disabled the NULL ones by default but when i started playing with openssl cipher strings and saw them I got confused. Didn't even consider that httpd did it automatically. Documenting it would be a nice touch. Thanks for doing that.
Andy
