Index: trunk/server/fedora/config/etc/httpd/conf/httpd.conf
===================================================================
--- trunk/server/fedora/config/etc/httpd/conf/httpd.conf	(revision 2620)
+++ trunk/server/fedora/config/etc/httpd/conf/httpd.conf	(revision 2621)
@@ -327,7 +327,4 @@
     SSLInsecureRenegotiation on
 
-    # Temporary fix for presumed CRIME attack against SSL
-    SSLCompression off
-
     SSLPassPhraseDialog  builtin
     SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
@@ -339,6 +336,12 @@
     SSLVerifyClient none
     SSLOptions +StdEnvVars
+
+    # Copied from https://wiki.mozilla.org/Security/Server_Side_TLS
+    # (backward compatibility configuration)
     SSLProtocol all -SSLv2
-    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
+    SSLHonorCipherOrder on
+    SSLCompression off
+
     <VirtualHost 18.181.0.50:443 18.181.0.50:444>
         ServerName scripts-cert.mit.edu