On 05/20/2015 10:53 AM, Michael Stone wrote:
> On Wed, May 20, 2015 at 12:47:35PM -0400, Dan Ritter wrote:
>> Is there any chance of getting Logjam ( https://weakdh.org/ )
>> mitigation for Wheezy packages?
>
> You can mitigate it right now by reconfiguring your server to remove DH
> ciphers from SSLCipherSuite.

This particular configuration works very well with Apache 2.2:

SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
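
A lexical check for whether an SSLCipherSuite value still names finite-field DHE key exchange, the family the quoted reply suggests removing. This is an added example, not part of the original message: the function names and keyword sets are assumptions made for illustration, and the check is a heuristic over the cipher-string text, not a substitute for asking the server's OpenSSL build which suites it selects.

```python
import re

# Cipher-string keywords that select finite-field DH key exchange.
# Anonymous DH (ADH) is not modelled; it is normally removed with !aNULL.
DHE_WORDS = {"DH", "DHE", "EDH", "kDHE", "kEDH"}
# Broad aliases that also pull in DHE suites (assumed short list, not exhaustive).
BROAD = {"ALL", "DEFAULT", "HIGH"}

def dhe_enablers(cipher_string):
    """Return the tokens that still enable DHE key exchange (lexical heuristic)."""
    enabled, killed = [], False
    for tok in re.split(r"[ :,]+", cipher_string.strip()):
        if not tok:
            continue
        op, body = (tok[0], tok[1:]) if tok[0] in "!-+" else ("", tok)
        hits = bool(set(body.split("+")) & DHE_WORDS)
        if op == "!" and body in DHE_WORDS:
            killed = True        # "!" removes permanently, wherever it appears
        elif op == "-" and body in DHE_WORDS:
            enabled.clear()      # "-" removes only what was added before it
        elif op == "" and (hits or body in BROAD):
            enabled.append(tok)
    return [] if killed else enabled

def audit_apache_conf(conf_text):
    """Map each SSLCipherSuite value in an Apache config to its DHE-enabling tokens."""
    found = {}
    for m in re.finditer(r"^\s*SSLCipherSuite\s+(.+)$", conf_text, re.I | re.M):
        value = m.group(1).strip().strip('"')
        found[value] = dhe_enablers(value)
    return found

# The configuration from the message above.
POSTED = '''SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
'''
# Constructed variant for comparison: the same exclusions, ECDHE key exchange only.
ECDHE_ONLY = 'SSLCipherSuite "EECDH+AESGCM EECDH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"\n'

if __name__ == "__main__":
    for conf in (POSTED, ECDHE_ONLY):
        for value, tokens in audit_apache_conf(conf).items():
            print(tokens or "no DHE tokens", "<-", value[:45] + "...")
```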