Bug#649020: apache2: stronger and faster default SSL config
Package: apache2.2-common
Version: 2.2.21-2
Severity: wishlist
Based on a lot of reading and testing, I've come up with what I believe
is a good combination of compatibility, security and speed for a mod_ssl
configuration:

  SSLProtocol TLSv1
  SSLHonorCipherOrder On
  SSLCipherSuite RC4-SHA:HIGH:!kEDH

(We currently don't have any of the above directives in
/etc/apache2/sites-available/default-ssl so I'm proposing we add them.)

It removes weak ciphers, prefers the fast ones and protects against the
BEAST attack. See more details here:

http://feeding.cloud.geek.nz/2011/11/ideal-openssl-configuration-for-apache.html

Cheers,
Francois
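
Added example, not part of the original bug report: a small Python check that compares an Apache site file against the three directives proposed above and reports which are missing or set differently. The sample config is constructed, and scoping is simplified as an assumption: the last occurrence in the file wins, regardless of which VirtualHost contains it.

```python
# Directives and values proposed in the bug report.
PROPOSED = {
    "SSLProtocol": "TLSv1",
    "SSLHonorCipherOrder": "On",
    "SSLCipherSuite": "RC4-SHA:HIGH:!kEDH",
}
# OpenSSL cipher strings are case-sensitive; the other two values are not.
CASE_SENSITIVE = {"SSLCipherSuite"}

def parse_directives(conf_text):
    """Return {directive: value} for the proposed directives set in conf_text."""
    canonical = {name.lower(): name for name in PROPOSED}
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and section tags such as <VirtualHost ...>.
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        name = canonical.get(parts[0].lower())  # directive names are case-insensitive
        if name:
            found[name] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return found

def audit(conf_text):
    """Return [(directive, status, current_value)] in the order of PROPOSED."""
    found = parse_directives(conf_text)
    report = []
    for name, wanted in PROPOSED.items():
        current = found.get(name)
        if current is None:
            status = "missing"
        elif current == wanted or (name not in CASE_SENSITIVE
                                   and current.lower() == wanted.lower()):
            status = "ok"
        else:
            status = "differs"
        report.append((name, status, current))
    return report

# Constructed sample, loosely shaped like a default-ssl site file.
SAMPLE = """\
<VirtualHost _default_:443>
    SSLEngine on
    # SSLProtocol all
    sslhonorcipherorder on
    SSLCipherSuite HIGH:MEDIUM:!aNULL
</VirtualHost>
"""

if __name__ == "__main__":
    for name, status, current in audit(SAMPLE):
        print(f"{name:22} {status:8} current={current!r} proposed={PROPOSED[name]!r}")
```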