Errata overview
Errata ID 103
Date 2015-03-11
Source package univention-apache
Fixed in version 7.0.16-9.231.201503101333
The configuration of the SSL/TLS support in Apache has been improved:
- If the new UCR variable apache2/ssl/tlsv11 is set to 'true', Apache 
  only accepts TLS 1.1 and TLS 1.2
- If the new UCR variable apache2/ssl/tlsv12 is set to 'true', Apache 
  only accepts TLS 1.2
- SSL compression disabled by default for security reasons, it can be
  enabled using the UCR variable apache2/ssl/compression.
- Apache no longer accepts various insecure ciphers and hash algorithms
  (e.g. RC4, MD5 and the outdated "export ciphers") by default. Note 
  that such algorithms would not have been negotiated if the TLS 
  client supports current crypto algorithms. A different set of ciphers
  can be configured using the new UCR variable apache2/ssl/ciphersuite.
- If the new UCR variable apache2/ssl/honorcipherorder is set, the
  server choice of ciphers is used instead of the ciphers preferred by
  the TLS client.
Please refer to the UCR variable descriptions for additional details.
In addition this update adds support for forcing a port in the URL shown
in the ucs-overview page. This is done by setting the UCR variable
ucs/web/overview/entries/*/*/port_http and .../port_https.
Additional notes
UCS Bug number #35456