Hello! The file gentoo-apache-2.2.23/conf/vhosts.d/00_default_ssl_vhost.conf uses what I've been told is a very weak cipher suite: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL I hope you can check it out as I have no idea what all those fancy words mean :) I changed mine to the one recommended by Mozilla now [1], hoping they are wiser than me. [1] https://wiki.mozilla.org/Security/Server_Side_TLS
Resigning to the maintainers, sorry about the delay.
This was now committed to our apache git repository: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commitdiff;h=9154fa2d2a6b8f0b59c5b1d83c8186a4249d7f8f
+*apache-2.4.9-r1 (20 Apr 2014) +*apache-2.2.27-r1 (20 Apr 2014) + + 20 Apr 2014; Lars Wendler <polynomial-c@gentoo.org> -apache-2.2.26.ebuild, + +apache-2.2.27-r1.ebuild, -apache-2.4.9.ebuild, +apache-2.4.9-r1.ebuild: + Revbump fixing bug #506924 and bug #507324. Removed old. +