manifests/mod_ssl.pp · eab79ceedff48a68a9e53c1a1be5a37def9d45dd · Nationellt superdatorcentrum / puppetmodules / apache

5 years ago

mod_ssl: Default to not support known bad modes. · eab79cee

Thomas Bellman authored 5 years ago

All the SSL versions, as well as TLS 1.0 and 1.1, are known to have
security problems. Default to not use them when enabling mod_ssl.
Likewise, by default don't support low encryption cipher suites.

Unfortunately, what is considered secure changes with time, and in
particular the cipher suites we have selected is likely to quickly
become outdated. Oh well, users can always override...

eab79cee

History

mod_ssl: Default to not support known bad modes.

Thomas Bellman authored 5 years ago

All the SSL versions, as well as TLS 1.0 and 1.1, are known to have
security problems. Default to not use them when enabling mod_ssl.
Likewise, by default don't support low encryption cipher suites.

Unfortunately, what is considered secure changes with time, and in
particular the cipher suites we have selected is likely to quickly
become outdated. Oh well, users can always override...

Code owners

Assign users and groups as approvers for specific file changes. Learn more.