Update TLS apache vhost TLS configuration (#5137):

       . We want to allow for TLS1.2 to be enabled (supported in wheezy)

       . Explicitly disable SSLCompression. This aids in protecting
       against the BREACH attack: see http://breachattack.com), and SPDY
       version 3 is vulnerable to the CRIME attack when compression is
       on

       . Switch the cipher suites to match
       https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for
       these reasons:
             . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many
             implementations support this, and there are no known attacks).
             . Prefer AES128 to AES256 because the key schedule in
             AES256 is considered weaker, and maybe AES128 is more
             resistant to timing attacks
             . Prefer AES to RC4. BEAST attacks on AES are mitigated in
             >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and
             likely to become more dangerous
             . RC4 is on the path to removal, but still present for backward compatibility

Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043

0 files changed, 0 insertions, 0 deletions