Date: Thu, 12 May 2011 21:18:17 GMT
From: Adrian Dimcev <adimcev@carbonwind.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: i386/156987: Harden SSL cipher suites strength and SSL protocol support of /usr/local/etc/apache/extra/httpd-ssl.conf
Message-ID: <201105122118.p4CLIHjL016308@red.freebsd.org>
Resent-Message-ID: <201105122120.p4CLK8cf090820@freefall.freebsd.org>
>Number:         156987
>Category:       i386
>Synopsis:       Harden SSL cipher suites strength and SSL protocol support of /usr/local/etc/apache/extra/httpd-ssl.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-i386
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 12 21:20:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Adrian Dimcev
>Release:        FreeBSD-8.2-RELEASE-i386
>Organization:
>Environment:
>Description:
Testing the default configuration of the SSL part (including mod_ssl) of Apache2 on FreeBSD 8.2 (i386), it was noted that the default /usr/local/etc/apache/extra/httpd-ssl.conf configuration regarding SSL cipher suite strength and SSL protocol support is pretty bad: SSL 2.0 is enabled, and weak cipher suites (DES based) and export cipher suites (including RC2 based ones) are enabled -> these should be disabled by default.

Test results:
http://www.carbonwind.net/blog/post/On-scope-default-SSLTLS-settings-shipped-on-various-Linux-distros-for-Apache-22x.aspx
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
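As an added illustration (not part of the PR, the Apache project or the FreeBSD port), the following Python script evaluates the SSLProtocol and SSLCipherSuite directives of an httpd-ssl.conf fragment against a small constructed cipher-suite table, applying the keyword and prefix semantics of OpenSSL's ciphers(1), and lists which weak suites (LOW, export, SSLv2-only, anonymous, unencrypted) remain enabled. The suite table, both configuration fragments, the "shipped" cipher string (modelled on the upstream Apache 2.2 default as I recall it) and every function name are assumptions of this example; the authoritative check on a real host is `openssl ciphers -v '<string>'` against the installed OpenSSL.

```python
"""Added example: audit SSLProtocol / SSLCipherSuite settings from an httpd-ssl.conf
fragment against a constructed cipher-suite table and report weak suites left enabled."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Suite:
    name: str
    proto: str   # "SSLv2" or "SSLv3" (SSLv3 suites are also usable under TLSv1)
    kx: str      # key exchange
    au: str      # authentication ("None" = anonymous)
    enc: str     # bulk cipher ("None" = no encryption)
    bits: int    # effective key size
    export: bool


# Constructed sample table, modelled on a 2011-era `openssl ciphers -v` listing; not exhaustive.
SUITES = [
    Suite("AES256-SHA",         "SSLv3", "RSA", "RSA",  "AES",  256, False),
    Suite("DHE-RSA-AES128-SHA", "SSLv3", "DH",  "RSA",  "AES",  128, False),
    Suite("DES-CBC3-SHA",       "SSLv3", "RSA", "RSA",  "3DES", 168, False),
    Suite("RC4-SHA",            "SSLv3", "RSA", "RSA",  "RC4",  128, False),
    Suite("DES-CBC-SHA",        "SSLv3", "RSA", "RSA",  "DES",   56, False),
    Suite("EXP-RC2-CBC-MD5",    "SSLv3", "RSA", "RSA",  "RC2",   40, True),
    Suite("EXP-RC4-MD5",        "SSLv3", "RSA", "RSA",  "RC4",   40, True),
    Suite("ADH-AES128-SHA",     "SSLv3", "DH",  "None", "AES",  128, False),
    Suite("NULL-SHA",           "SSLv3", "RSA", "RSA",  "None",   0, False),
    Suite("DES-CBC3-MD5",       "SSLv2", "RSA", "RSA",  "3DES", 168, False),
    Suite("RC2-CBC-MD5",        "SSLv2", "RSA", "RSA",  "RC2",  128, False),
    Suite("DES-CBC-MD5",        "SSLv2", "RSA", "RSA",  "DES",   56, False),
]

# Keyword -> predicate, following the ciphers(1) definitions for the classes used here.
KEYWORDS = {
    "ALL":     lambda s: s.enc != "None",
    "DEFAULT": lambda s: s.enc != "None" and s.au != "None" and s.proto != "SSLv2",
    "HIGH":    lambda s: not s.export and s.bits > 128,
    "MEDIUM":  lambda s: not s.export and s.bits == 128,
    "LOW":     lambda s: not s.export and 0 < s.bits < 128,
    "EXP":     lambda s: s.export,
    "EXPORT":  lambda s: s.export,
    "SSLv2":   lambda s: s.proto == "SSLv2",
    "SSLv3":   lambda s: s.proto == "SSLv3",
    "TLSv1":   lambda s: s.proto == "SSLv3",
    "RSA":     lambda s: s.kx == "RSA" and s.au == "RSA",
    "ADH":     lambda s: s.kx == "DH" and s.au == "None",
    "aNULL":   lambda s: s.au == "None",
    "eNULL":   lambda s: s.enc == "None",
    "RC4":     lambda s: s.enc == "RC4",
    "RC2":     lambda s: s.enc == "RC2",
    "DES":     lambda s: s.enc == "DES",     # single DES only; 3DES is a separate keyword
    "3DES":    lambda s: s.enc == "3DES",
    "AES":     lambda s: s.enc == "AES",
}
WEAK = ("LOW", "EXP", "SSLv2", "aNULL", "eNULL")   # classes the report wants disabled
ALL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1")         # mod_ssl 2.2's meaning of "all"


def matches(word, suite):
    """A word may be 'A+B': the suite must satisfy every '+'-joined component."""
    return all(KEYWORDS[part](suite) for part in word.split("+"))


def enabled_suites(cipher_string):
    """Apply a cipher string to SUITES; returns enabled suite names in list order."""
    current, blocked = [], set()
    for token in cipher_string.split(":"):
        if not token or token.startswith("@"):      # e.g. @STRENGTH only re-sorts
            continue
        op, word = (token[0], token[1:]) if token[0] in "+-!" else ("", token)
        hits = [s for s in SUITES if matches(word, s) and s.name not in blocked]
        if op == "":                                # bare word: append new matches
            current += [s for s in hits if s not in current]
        elif op == "+":                             # '+': move present matches to the end
            moved = [s for s in current if s in hits]
            current = [s for s in current if s not in hits] + moved
        else:                                       # '-' drops; '!' drops and blocks re-adding
            current = [s for s in current if s not in hits]
            if op == "!":
                blocked |= {s.name for s in hits}
    return [s.name for s in current]


def weak_enabled(cipher_string):
    """Sorted names of enabled suites that fall into any WEAK class."""
    by_name = {s.name: s for s in SUITES}
    return sorted(n for n in enabled_suites(cipher_string)
                  if any(KEYWORDS[k](by_name[n]) for k in WEAK))


def enabled_protocols(directive_args):
    """Evaluate mod_ssl 2.2 SSLProtocol arguments; None means the directive is absent."""
    if directive_args is None:
        return set(ALL_PROTOCOLS)                    # absent directive: everything on
    enabled = set()
    for tok in directive_args.split():
        op, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = set(ALL_PROTOCOLS) if name.lower() == "all" else {name}
        enabled = (enabled | names) if op == "+" else (enabled - names)
    return enabled


def audit(conf_text):
    """Extract the two directives from a config fragment and report the exposure."""
    directives = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", line)
        if m:
            directives[m.group(1)] = m.group(2)
    # Fallback to OpenSSL's own DEFAULT list if SSLCipherSuite is absent (assumption).
    return {"protocols": enabled_protocols(directives.get("SSLProtocol")),
            "weak_suites": weak_enabled(directives.get("SSLCipherSuite", "DEFAULT"))}


# Constructed fragments: no SSLProtocol line plus the permissive 2.2-style string,
# versus a hardened replacement that disables SSLv2 and the weak classes.
SHIPPED_CONF = "SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP\n"
HARDENED_CONF = ("SSLProtocol all -SSLv2\n"
                 "SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!LOW:!RC2:!DES:!SSLv2\n")

if __name__ == "__main__":
    for label, conf in (("shipped", SHIPPED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

Run stand-alone, the script prints all three protocols and six weak suites for the shipped fragment, and SSLv3/TLSv1 only with no weak suites for the hardened one. The '!' versus '-' distinction matters in practice: a suite excluded with '!' cannot be re-enabled by a later keyword, which is why hardened strings negate LOW, EXP and SSLv2 with '!' rather than relying on ordering.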