switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance. --- config.sample/tls_ciphers | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/config.sample/tls_ciphers b/config.sample/tls_ciphers index e889731..7bb0204 100644 --- a/config.sample/tls_ciphers +++ b/config.sample/tls_ciphers @@ -1,4 +1,10 @@ # Override default security using suitable string from available ciphers at # L<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS> # See plugins/tls for details. -HIGH +# +# HIGH is a reasonable default that should satisfy most installations +HIGH:!SSLv2 +# +# if you have legacy clients that require less secure connections, +# consider using this less secure, but PCI compliant setting: +#DEFAULT:!ADH:!LOW:!EXP:!SSLv2:+HIGH:+MEDIUM -- 1.7.1.1
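Review bot: The new comment above the active setting calls `HIGH` the reasonable default, but the line it introduces is `HIGH:!SSLv2`, so the comment does not explain the part this commit changes. Suggest wording along the lines of "HIGH with SSLv2 cipher suites excluded is a reasonable default", so that someone editing the file later knows why `!SSLv2` is there and keeps it. In the commented-out alternative, `+HIGH:+MEDIUM` only reorders ciphers that `DEFAULT` has already selected (in an OpenSSL cipher string, `+` moves the matching ciphers to the end of the list and adds nothing), which deserves a word in the comment. The "PCI compliant" wording would also be easier to verify if it named the requirement or the date it was checked against, since nothing in the file lets a reader confirm it.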