Looks good to me, thanks!
I committed r1679470 in trunk and proposed a backport to 2.4.x (will
propose a v2 for my 2.2.x patch which is also concerned), since
SSL_DEFAULT_CIPHER_LIST (default when no SSL[Proxy]CipherSuite is
configured) does not include "!aNULL:!eNULL" for older OpenSSL
versions (
Proposed for backport on both 2.2 and 2.4 branches.
On Thu, May 14, 2015 at 1:44 PM, wrote:
> Author: wrowe
> Date: Thu May 14 18:44:52 2015
> New Revision: 1679428
>
> URL: http://svn.apache.org/r1679428
> Log:
> Conform to RFC 7525, with additional suggestion to drop RSA Kx ciphers
>
> Modifi
