increased default TLS security setting

switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance. Signed-off-by: Robert <rspier@pobox.com>
2010-07-26 01:26:53 -04:00 · 2010-07-26 01:26:53 -04:00 · 3a7f46aa3e
commit 3a7f46aa3e
parent d0c9b7cbe5
1 changed files with 7 additions and 1 deletions
--- a/config.sample/tls_ciphers
+++ b/config.sample/tls_ciphers
@ -1,4 +1,10 @@
 # Override default security using suitable string from available ciphers at 
 # L<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS>
 # See plugins/tls for details.
-HIGH
+#
+# HIGH is a reasonable default that should satisfy most installations
+HIGH:!SSLv2
+#
+# if you have legacy clients that require less secure connections,
+# consider using this less secure, but PCI compliant setting:
+#DEFAULT:!ADH:!LOW:!EXP:!SSLv2:+HIGH:+MEDIUM