Bug 704352

Summary: Harden SSL cipher suites strength of the default configuration of the SSL part (included mod_ssl) of Apache2
Product: [Fedora] Fedora
Reporter: adimcev
Component: httpd
Assignee: Joe Orton <jorton>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: unspecified
Version: 14
CC: jorton, pahan
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-05-13 08:06:16 UTC

Description adimcev 2011-05-12 21:37:37 UTC
Description of problem:

Testing the default configuration of the SSL part (included mod_ssl) of Apache2 of Fedora 14 (i686), SSL support enabled with system-config-httpd, the following issue was noted regarding the SSL cipher suite strength: weak cipher suites (DES based) are enabled. -> These should be disabled by default.

Test results:
http://www.carbonwind.net/blog/post/On-scope-default-SSLTLS-settings-shipped-on-various-Linux-distros-for-Apache-22x.aspx

Version-Release number of selected component (if applicable):
Apache 2.2.17


Comment 1 Joe Orton 2011-05-13 08:06:16 UTC
Thanks for the report - this is already done for F15.  We generally don't make changes to the default config for shipping releases.

F15 defaults:

  SSLProtocol all -SSLv2
  SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
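
Added example (not part of the bug report, and not httpd or OpenSSL code): a small model of how an SSLCipherSuite string such as the F15 default above is expanded, showing which entries keep DES-based and export suites out. The suite table, its tags, the comparison string "ALL:!ADH" and the function names are constructed for illustration; only plain and "!" items are modelled.

```python
# Constructed sample table: suite name -> class tags (simplified, httpd 2.2 era).
# This is an illustrative model, not the real OpenSSL cipher database.
SUITES = {
    "RC4-SHA":         {"MEDIUM", "RC4", "SHA1"},
    "AES128-SHA":      {"HIGH", "AES", "SHA1"},
    "DES-CBC3-SHA":    {"HIGH", "3DES", "SHA1"},
    "RC4-MD5":         {"MEDIUM", "RC4", "MD5"},
    "DES-CBC-SHA":     {"LOW", "DES", "SHA1"},
    "EXP-DES-CBC-SHA": {"EXP", "DES", "SHA1"},
    "EXP-RC4-MD5":     {"EXP", "RC4", "MD5"},
    "ADH-AES128-SHA":  {"ADH", "HIGH", "AES", "SHA1"},
    "DES-CBC-MD5":     {"SSLV2", "LOW", "DES", "MD5"},
    "NULL-SHA":        {"NULL", "SHA1"},
}
WEAK_TAGS = {"DES", "EXP", "LOW", "NULL", "ADH", "SSLV2"}

F15_DEFAULT = "RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL"  # from the comment above
CONSTRUCTED_LOOSE = "ALL:!ADH"  # constructed for comparison, not a shipped default


def matches(token):
    """Suites selected by one item: a suite name, a class tag, or ALL."""
    t = token.upper()  # simplification: this model compares case-insensitively
    if t == "ALL":     # ALL does not include the no-encryption (NULL) suites
        return [n for n, tags in SUITES.items() if "NULL" not in tags]
    return [n for n, tags in SUITES.items() if t == n.upper() or t in tags]


def expand(cipher_string):
    """Return the ordered list of suites the string leaves enabled."""
    enabled, killed = [], set()
    for item in cipher_string.split(":"):
        if item.startswith("!"):          # '!' removes permanently
            dead = set(matches(item[1:]))
            killed |= dead
            enabled = [n for n in enabled if n not in dead]
        else:                             # plain item appends new matches
            for n in matches(item):
                if n not in killed and n not in enabled:
                    enabled.append(n)
    return enabled


def weak(enabled):
    """Enabled suites carrying any tag in WEAK_TAGS."""
    return [n for n in enabled if SUITES[n] & WEAK_TAGS]


if __name__ == "__main__":
    for s in (F15_DEFAULT, CONSTRUCTED_LOOSE):
        print(s, "->", expand(s), "weak:", weak(expand(s)))
```

On a real host, `openssl ciphers -v '<string>'` prints the expansion the installed OpenSSL actually produces.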