Errata overview
Errata ID 345
Date 2015-07-16
Source package univention-apache
Fixed in version 6.0.16-11.240.201507131307
The configuration of the SSL/TLS support in Apache has been improved:
- Apache no longer accepts various insecure ciphers and hash algorithms
  (e.g. RC4, MD5 and the outdated "export ciphers") by default. Note
  that such algorithms would not have been negotiated if the TLS
  client supports current crypto algorithms. A different set of ciphers
  can be configured using the new UCR variable 'apache2/ssl/ciphersuite'.
- If the new UCR variable 'apache2/ssl/honorcipherorder' is set, the
  server choice of ciphers is used instead of the ciphers preferred by
  the TLS client.
Please refer to the UCR variable descriptions for additional details.
Additional notes
UCS Bug number #38632