[Ach] Looks like SSLv3 is enabled for httpd in spec?
gh.bettercrypto at hitco.at
Thu Mar 3 20:14:01 CET 2016
Am 03.03.2016 um 18:38 schrieb Pepi Zawodsky:
>>> Can anyone tell me, if :+SSLv3: really should be there?
> I totally agree that this notation is counter-intuitive. Yet, Sebastian is totally right. This enables Cipher suites _defined_ in the SSLv3 spec (which are used in TLS 1.0 and above as well) but definitely does not turn on the SSLv3 protocol.
+SSLv3 doesn't enable any CipherSuites.
It just pushes back the SSLv3 CipherSuites to the end of the List
If “+” is used then the ciphers are moved to the end of the list. This
option doesn't add any new ciphers it just moves matching existing ones.
More information about the Ach