increased default TLS security setting

switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance.

Signed-off-by: Robert <rspier@pobox.com>
Matt Simerson 2010-07-26 01:26:53 -04:00 committed by Robert
parent d0c9b7cbe5
commit 3a7f46aa3e


@ -1,4 +1,10 @@
# Override default security using suitable string from available ciphers at # Override default security using suitable string from available ciphers at
# L<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS> # L<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS>
# See plugins/tls for details. # See plugins/tls for details.
HIGH #
# HIGH is a reasonable default that should satisfy most installations
HIGH:!SSLv2
#
# if you have legacy clients that require less secure connections,
# consider using this less secure, but PCI compliant setting:
#DEFAULT:!ADH:!LOW:!EXP:!SSLv2:+HIGH:+MEDIUM
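
Review bot: The comment added above the new default says "HIGH is a reasonable default", but the active line is now HIGH:!SSLv2, so the comment does not describe the value the file actually sets or why the exclusion is there. Suggest rewording it to name the full string and to state that !SSLv2 removes the SSLv2 cipher suites. For the commented-out alternative, it would help to note that in OpenSSL cipher strings +HIGH and +MEDIUM only move suites already selected by DEFAULT to the end of the list and add nothing, while ! is a permanent exclusion, so an admin who edits the string knows that !ADH:!LOW:!EXP:!SSLv2 are the terms that carry the restriction.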