Bonjour, Hodie III Kal. Sep. MMXI, Lutz Jaenicke scripsit: > I have just installed a new 3 year wildcard "*.openssl.org" certificate > to our web site. > Thanks to GlobalSign for the new donation. > > The migration should work more or less unnoted for the users. If you > experience any problems please drop me a message.
Thanks to them, yes. Maybe you could remove the root CA from file designed by the SSLCertificateChainFile directive? It's useless to send it to the client, as you know, and you may gain 1 TCP packet (+ ACK in return) during the negotiation. You should also disable SSLv2, and <128bits ciphers. -- Erwann ABALEA <erwann.aba...@keynectis.com> Département R&D KEYNECTIS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
