| Description |
The configuration of the SSL/TLS support in Apache has been improved:
- Apache no longer accepts various insecure ciphers and hash algorithms
(e.g. RC4, MD5 and the outdated "export ciphers") by default. Note
that such algorithms would not have been negotiated if the TLS
client supports current crypto algorithms. A different set of ciphers
can be configured using the new UCR variable 'apache2/ssl/ciphersuite'.
- If the new UCR variable 'apache2/ssl/honorcipherorder' is set, the
server choice of ciphers is used instead of the ciphers preferred by
the TLS client.
Please refer to the UCR variable descriptions for additional details. |
