gs.fedoraproject.org/cgit/rpms/httpd.git/tree/10-listen443.conf)
If it's too hard, leave the current patch as is.
Cheers,
--
Mathieu Parent
severity 654764 wishlist
tags 654764 +wontfix
thanks
2012/1/6 Stefan Fritsch s...@sfritsch.de:
On Thursday 05 January 2012, Mathieu Parent wrote:
The BEAST vulnerability [1] can be prevented by removing all CBC
ciphers from your list of allowed ciphers—leaving only the RC4
cipher.
I don't
RC4 to the top of
the list:
-SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5
+SSLCipherSuite RC4:HIGH:MEDIUM:!ADH:!MD5:!SSLv2
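Review bot: on the + line, moving RC4 to the front of SSLCipherSuite only changes the server's own preference list. mod_ssl follows the client's cipher order unless SSLHonorCipherOrder is on, and this hunk does not set it, so a client that lists a CBC suite first can still negotiate CBC. Add "SSLHonorCipherOrder on" next to this directive. The !SSLv2 term only filters cipher suites; if the intent is to turn the protocol off, state it explicitly with "SSLProtocol all -SSLv2" rather than relying on the cipher string.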
(this almost-patch also disables SSLv2 ciphers)
[1]: http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0
--
Mathieu Parent
--
To UNSUBSCRIBE, email to debian-apache
To be efficient, the server cipher order should be used:
# Mitigate B.E.A.S.T attack
SSLHonorCipherOrder on
SSLCipherSuite RC4:HIGH:MEDIUM:!ADH:!MD5:!SSLv2
SSLProtocol all -SSLv2
Regards
--
Mathieu Parent
the version and arch (for example 29-Sep-2011
23:00 is apache2 2.2.16-6+squeeze4 amd64)
Recommendation: remove the Indexes option in
'config-dir/mods-available/alias.conf' [1].
Regards
--
Mathieu Parent
[1]:
http://anonscm.debian.org/viewvc/pkg-apache/trunk/apache2/config-dir/mods-available
According to http://monkey.org/openbsd/archive/ports/0205/msg00011.html :
Change around the order of the Apache modules, this is one of the
drawbacks to the module API for Apache 1.3 is that the order is very
important. I would try making the PHP 4 module first, Perl module second
and FP module
I have the same bug with this conf:
installed OCS Inventory NG (http://ocsinventory.sourceforge.net/),
with this Apache config:
PerlRequire /var/www/ocsinventory-NG/Ocsinventory_startup.pl
Location /ocsinventory
order deny,allow
allow from all
SetHandler perl-script