While testing the default configuration of the SSL part (the included mod_ssl) of apache2 on FreeBSD 8.2 (i386), it was noted that the default /usr/local/etc/apache/extra/httpd-ssl.conf configuration regarding SSL cipher suite strength and SSL protocol support is pretty bad: SSL 2.0 is enabled, and weak cipher suites (DES based) and export cipher suites (including RC2 based ones) are enabled. -> These should be disabled by default.
Test results: http://www.carbonwind.net/blog/post/On-scope-default-SSLTLS-settings-shipped-on-various-Linux-distros-for-Apache-22x.aspx
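The three weaknesses named in the report above (SSL 2.0, DES-based suites, export suites) can be checked mechanically in an httpd-ssl.conf. The following is an added example, not part of the original PR or of the port: both sample configs are constructed and the helper names are hypothetical. It assumes Apache 2.2 mod_ssl semantics (no active SSLProtocol line means "all", which includes SSLv2) and OpenSSL's LOW and EXP class names, and it works at token level only, so confirm the result with `openssl ciphers -v`.

```python
# Added example: both configs are constructed; helper names are hypothetical.
WEAK_CONF = """\
#SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
"""
FIXED_CONF = """\
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!LOW
"""
PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1")   # what "all" means in Apache 2.2
ALIASES = {"EXPORT": "EXP"}               # OpenSSL accepts both spellings

def enabled_protocols(args):
    """SSLProtocol tokens, left to right: '+' adds, '-' removes, bare replaces."""
    on = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = {p for p in PROTOCOLS if name.lower() in ("all", p.lower())}
        on = on - group if sign == "-" else on | group if sign == "+" else group
    return on

def weak_classes(cipher_string):
    """Return LOW (56-bit DES suites) / EXP (export suites) left reachable."""
    # In an OpenSSL cipher string '+X' only reorders and '-X' can be undone
    # by a later token, so only '!X' counts as a permanent exclusion here.
    killed, added = set(), set()
    for tok in cipher_string.strip().split(":"):
        if tok.startswith("!"):
            killed.add(ALIASES.get(tok[1:], tok[1:]))
        elif tok and tok[0] not in "+-":
            added.add(ALIASES.get(tok, tok))
    return [c for c in ("EXP", "LOW")
            if c not in killed and ("ALL" in added or c in added)]

def audit(conf_text):
    """List the report's three weaknesses found in an httpd-ssl.conf text."""
    findings, proto = [], "all"   # Apache 2.2 default without an SSLProtocol line
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), parts[1]
        if name == "sslprotocol":
            proto = args          # simplification: last line wins, vhost scopes ignored
        elif name == "sslciphersuite":
            findings += [c + " suites not excluded" for c in weak_classes(args)]
    if "SSLv2" in enabled_protocols(proto):
        findings.append("SSLv2 enabled")
    return findings
```

Running `audit()` on the file that is actually included by httpd.conf matters here, because an extra/httpd-ssl.conf that is never included changes nothing on the running server.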
State Changed From-To: open->feedback
To which port does this PR apply?
Responsible Changed From-To: freebsd-i386->freebsd-ports-bugs
Installation details:
pkg_info
apache-2.2.17_1 Version 2.2.x of Apache web server with prefork MPM.
pkg_version
apache =
uname -a
FreeBSD freebsd.example.net 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
State Changed From-To: feedback->open
Responsible Changed From-To: freebsd-ports-bugs->apache
Responsible Changed From-To: apache->pgollucci
I will take it.
pgollucci 2012-01-18 03:44:39 UTC
FreeBSD ports repository
Modified files:
www/apache22/files patch-docs__conf__extra__httpd-ssl.conf.in
Log:
- Pull r1227293 from httpd svn
  Note, you have to actually uncomment the include for this to take effect
- No PORTREVISION bump since nothing changes by default
PR: ports/156987
Reported by: Adrian Dimcev <adimcev@carbonwind.net>
With Hat: apache@
Revision Changes Path
1.2 +40 -20 ports/www/apache22/files/patch-docs__conf__extra__httpd-ssl.conf.in
State Changed From-To: open->closed
Committed, Thanks!