Mailinglist Archive: opensuse-buildservice (327 mails)
| < Previous | Next > |
Re: [opensuse-buildservice] OBS is using new login auth proxy
- From: Cristian Rodríguez <crrodriguez@xxxxxxxxxxxx>
- Date: Tue, 19 Apr 2011 11:52:10 -0300
- Message-id: <4DADA19A.60009@opensuse.org>
El 19/04/11 11:35, Ludwig Nussel escribió:
SSLHonorCipherOrder
"When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the
client's preference is used. If this directive is enabled, the server's
preference will be used instead."
that kinda worksaround the problem. :)
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx
Jan-Simon Möller wrote:
Am Dienstag, 19. April 2011, 15:59:08 schrieb Cristian Rodríguez:
Yes, it is unstable atm, also, it allows SSLv2 ! looks like someone
forgot to disable it in the vhost configuration...
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:
+eNULL
Something like this should work:
https://build.opensuse.org/package/view_file?file=apache2-vhost-ssl.template&package=apache2&project=Apache
That's more or less cosmetic though. More important (and usually
even more broken) are the clients. Clients need to avoid offering
weak methods and ciphers to avoid MITM.
SSLHonorCipherOrder
"When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the
client's preference is used. If this directive is enabled, the server's
preference will be used instead."
that kinda worksaround the problem. :)
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx
| < Previous | Next > |