c3496a4 Modernize mod_nss's cipher suites

4 files Authored by cheimes 8 years ago, Committed by mbasti 8 years ago,
    Modernize mod_nss's cipher suites
    
    The list of supported TLS cipher suites in /etc/httpd/conf.d/nss.conf
    has been modernized. Insecure or less secure algorithms such as RC4,
    DES and 3DES are removed. Perfect forward secrecy suites with ephemeral
    ECDH key exchange have been added. IE 8 on Windows XP is no longer
    supported.
    
    The list of enabled cipher suites has been generated with the script
    contrib/nssciphersuite/nssciphersuite.py.
    
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_256_CBC_SHA
    
    https://fedorahosted.org/freeipa/ticket/5589
    
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Martin Basti <mbasti@redhat.com>