openssl.org web site certificate renewed

[Lutz Jaenicke]

Hi!

I have just installed a new 3 year wildcard *.openssl.org certificate
to our web site.
Thanks to GlobalSign for the new donation.

The migration should work more or less unnoted for the users. If you
experience any problems please drop me a message.

Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [openssl-dev] openssl.org web site certificate renewed

[Erwann ABALEA]

Bonjour,

Hodie III Kal. Sep. MMXI, Lutz Jaenicke scripsit:
 I have just installed a new 3 year wildcard *.openssl.org certificate
 to our web site.
 Thanks to GlobalSign for the new donation.
 
 The migration should work more or less unnoted for the users. If you
 experience any problems please drop me a message.

Thanks to them, yes.

Maybe you could remove the root CA from file designed by the
SSLCertificateChainFile directive? It's useless to send it to the
client, as you know, and you may gain 1 TCP packet (+ ACK in return)
during the negotiation.

You should also disable SSLv2, and 128bits ciphers.

-- 
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org