https://bugzilla.novell.com/show_bug.cgi?id=693479

https://bugzilla.novell.com/show_bug.cgi?id=693479#c0

Summary: Harden SSL cipher suites strength and SSL protocol support of /etc/apache2/vhosts.d/vhost-ssl.template
Classification: openSUSE
Product: openSUSE 11.4
Version: Final
Platform: i586
OS/Version: openSUSE 11.4
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Apache
AssignedTo: bnc-team-apache@forge.provo.novell.com
ReportedBy: adimcev@carbonwind.net
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

Testing the default configuration of the SSL part (included mod_ssl) of Apache2 of openSUSE 11.4 (i586, DVD install), it was noted that the default /etc/apache2/vhosts.d/vhost-ssl.template configuration regarding SSL cipher suite strength and SSL protocol support is pretty bad: SSL 2.0 is enabled, and weak cipher suites (DES based) and export cipher suites (including RC2 based ones) are enabled.

-> These should be disabled by default.

Test results:
http://www.carbonwind.net/blog/post/On-scope-default-SSLTLS-settings-shipped...

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
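
An added example, not part of the bug report or of the openSUSE template: a small Python lint that checks a vhost file for the three conditions the report names (SSLv2 enabled, export suites, LOW/DES-class suites). The function names and both sample configs are constructed for illustration, and the evaluation is a heuristic that assumes Apache 2.2-era `SSLProtocol all` semantics and an OpenSSL build where `ALL`/`DEFAULT` still include export and LOW suites.

```python
import re

# Assumption: Apache 2.2-era mod_ssl, where "all" (also the default when
# SSLProtocol is absent) expands to SSLv2 + SSLv3 + TLSv1.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
# OpenSSL cipher-string keywords for the two classes the report names.
WEAK = {"EXP": "EXPORT", "EXPORT": "EXPORT", "LOW": "LOW"}
BROAD = {"ALL", "DEFAULT"}  # treated as containing both classes (may over-report)

def enabled_protocols(value):
    """Evaluate an SSLProtocol value left to right; bare names count as +name."""
    enabled = set()
    for tok in value.split():
        name = tok.lstrip("+-").lower()
        names = {p for p in ALL_PROTOCOLS if name in ("all", p.lower())}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return enabled

def weak_cipher_classes(spec):
    """Heuristic walk of an OpenSSL cipher string; returns weak classes left enabled."""
    enabled, killed = set(), set()
    for tok in re.findall(r"[^:,\s]+", spec):
        op = tok[0] if tok[0] in "!-+" else ""
        parts = tok[len(op):].split("+")
        hit = set(WEAK.values()) if BROAD & set(parts) else {WEAK[p] for p in parts if p in WEAK}
        if op == "":
            enabled |= hit - killed            # bare keyword adds suites
        elif op in "!-" and len(parts) == 1:   # "A+B" removals hit only an intersection
            enabled -= hit
            if op == "!":
                killed |= hit                  # "!" also blocks later re-adding
        # "+KEYWORD" only reorders suites already in the list
    return enabled

def audit_vhost(text):
    """Findings for the last SSLProtocol / SSLCipherSuite directive in a vhost file."""
    last = {"sslprotocol": "all", "sslciphersuite": "DEFAULT"}  # absent = broad default
    pattern = r"^[ \t]*(SSLProtocol|SSLCipherSuite)[ \t]+(.+)$"
    for m in re.finditer(pattern, text, re.I | re.M):
        last[m.group(1).lower()] = m.group(2).strip()
    findings = ["SSLv2 protocol enabled"] if "SSLv2" in enabled_protocols(last["sslprotocol"]) else []
    weak = sorted(weak_cipher_classes(last["sslciphersuite"]))
    return findings + [f"{c} cipher suites enabled" for c in weak]

# Constructed sample configs (not the contents of the shipped template).
WEAK_SAMPLE = "SSLEngine on\nSSLProtocol all\nSSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+LOW:+EXP\n"
HARDENED_SAMPLE = "SSLProtocol all -SSLv2\nSSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL\n"
```

Calling `audit_vhost()` on the text of a vhost file returns a list of findings, empty when none of the three conditions is detected; commented-out directives are ignored.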