- # Speed-optimized SSL Cipher configuration:
- # If speed is your main concern (on busy HTTPS servers e.g.),
- # you might want to force clients to specific, performance
- # optimized ciphers. In this case, prepend those ciphers
- # to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
- # Caveat: by giving precedence to RC4-SHA and AES128-SHA
- # (as in the example below), most connections will no longer
- # have perfect forward secrecy - if the server's key is
- # compromised, captures of past or future traffic must be
- # considered compromised, too.
- #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+ # SSL server cipher order preference:
+ # Use server priorities for cipher algorithm choice.
+ # Clients may prefer lower grade encryption. You should enable this
+ # option if you want to enforce stronger encryption, and can afford
+ # the CPU cost, and did not override SSLCipherSuite in a way that puts
+ # insecure ciphers first.
+ # Default: Off