Rainer, On 5/23/15 12:03 PM, Rainer Jung wrote: > mod_ssl dropped support for EXPORT ciphers in Apache 2.4 some time ago > and will also drop it in Apache 2.2 in the soon to be released next > version. > > I applied a similar change to tcnative trunk and would also like to > apply it to 1.1.
+1 > Note that "drop support" would mean you can no longer enable export > ciphers. Even if you do they will simply not get advertised to the > client because the code filters them out. This is not just a question of > defaults but whether export ciphers should be available or not. > > The change in question is > > http://svn.apache.org/r1681147 > > In the light of the downgrade attacks that were invented I have a > tendency to drop support completely. Other opinions? Hmm. As much as I'd like for EXP ciphers to die forever, I can imagine a use case where the user really *really* needs to use them. Can we offer them the ability to re-enable them? It's okay if it requires a re-build of tcnative to do so. Thanks, -chris
signature.asc
Description: OpenPGP digital signature
