mod_ssl dropped support for EXPORT ciphers in Apache 2.4 some time ago
and will also drop it in Apache 2.2 in the sonn to be released next version.
I applied a similar change to tcnative trunk and would also like to
apply it to 1.1.
Note that "drop support" would mean you can no longer enable export
ciphers. Even if you do they will simply not get advertised to the
client because the code filters them out. This is not just a question of
defaults but whether export ciphers should be available or not.
The change in question is
http://svn.apache.org/r1681147
In the light of the downgrade attacks that were invented I have a
tendency to drop support completely. Other opinions?
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
