apache-httpd: harden default SSL cipher list
A couple of tweaks on the SSL cipher list. Disabled RC4 which is now considered broken. https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what Enabled Forward Secrecy for modern browsers. https://en.wikipedia.org/wiki/Forward_secrecy Without the change, NixOS servers are capped at Grade B on https://www.ssllabs.com/ssltest/index.html
parent
1d3a4b17
Please register or sign in to comment