Closed
Bug 1120404
Opened 10 years ago
Closed 10 years ago
Apache information on wiki.mozilla.org/Security/Server_Side_TLS is outdated
Categories
(Security Assurance :: General, task)
Security Assurance
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: hcgpalm, Assigned: jvehent)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141201111703
Steps to reproduce:
Read https://wiki.mozilla.org/Security/Server_Side_TLS
Actual results:
Found outdated information
Expected results:
Found up-to-date information
|
Reporter | |
Comment 1•10 years ago
|
||
Under the "Apache" section there is the following text:
"In Apache 2.4.6, the DH parameter is always set to 1024 bits and is not user configurable. Future versions of Apache will automatically select a better value for the DH parameter. The configuration below is recommended. "
Both issues have been fixed in mod_ssl 2.4.7 (see http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatefile)
Consequently, the following information under the "Nginx" section is no longer accurate:
"Nginx provides the best TLS support at the moment. It is the only daemon that provides OCSP Stapling, custom DH parameters, and the full flavor of TLS versions (from OpenSSL)."
It might also be worth mentioning that Red Hat has backported this functionality into their RHEL 6 Apache 2.2 distribution with httpd-2.2.15-32.el6.
|
||
Comment 2•10 years ago
|
||
MDN is not maintaining this doc: I think people in this product should now who is in charge
Assignee: nobody → server-ops-webops
Component: General → WebOps: Other
Product: Developer Documentation → Infrastructure & Operations
QA Contact: nmaul
Version: unspecified → other
|
||
Updated•10 years ago
|
Assignee: server-ops-webops → nobody
Component: WebOps: Other → Operations Security (OpSec): General
Flags: needinfo?(jvehent)
Product: Infrastructure & Operations → mozilla.org
QA Contact: nmaul
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/295]
|
||
Updated•10 years ago
|
Assignee: nobody → jvehent
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
Assignee | |
Comment 3•10 years ago
|
||
Wiki page corrected.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: needinfo?(jvehent)
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security
You need to log in
before you can comment on or make changes to this bug.
Description
•