Bug#654764: SSLHonorCipherOrder missing

To: 654764@bugs.debian.org
Subject: Bug#654764: SSLHonorCipherOrder missing
From: Mathieu Parent <math.parent@gmail.com>
Date: Thu, 5 Jan 2012 18:00:21 +0100
Message-id: <[🔎] CAFX5sbz=g=WwgwAgSZzWNbkeKZMBHTTptjYWYSNvHLwzNbXv5g@mail.gmail.com>
Reply-to: Mathieu Parent <math.parent@gmail.com>, 654764@bugs.debian.org

To be efficient, the server cipher order should be used:

    # Mitigate B.E.A.S.T attack
    SSLHonorCipherOrder on
    SSLCipherSuite RC4:HIGH:MEDIUM:!ADH:!MD5:!SSLv2
    SSLProtocol all -SSLv2

Regards

-- 
Mathieu Parent

Reply to:

Prev by Date: Bug#654764: Mitigate B.E.A.S.T attack
Next by Date: Advice on packaging a PHP application (ITP for Shaarli)
Previous by thread: Processed: Re: Bug#654764: Mitigate B.E.A.S.T attack
Next by thread: Advice on packaging a PHP application (ITP for Shaarli)
Index(es):
- Date
- Thread