Bonjour,
Hodie III Kal. Sep. MMXI, Lutz Jaenicke scripsit:
I have just installed a new 3 year wildcard *.openssl.org certificate
to our web site.
Thanks to GlobalSign for the new donation.
The migration should work more or less unnoted for the users. If you
experience any problems please drop me a message.
Thanks to them, yes.
Maybe you could remove the root CA from file designed by the
SSLCertificateChainFile directive? It's useless to send it to the
client, as you know, and you may gain 1 TCP packet (+ ACK in return)
during the negotiation.
You should also disable SSLv2, and 128bits ciphers.
--
Erwann ABALEA erwann.aba...@keynectis.com
Département RD
KEYNECTIS
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org