After testing how various Linux distros or freeBSD ship Apache’s(version 2.2.x) default configuration of the SSL part(included mod_ssl) [1], as time permitted, I started to open bugs related to the findings.
So far I’ve managed to fill bugs on five distros: openSuse, Fedora, Mandriva, Slackware and FreeBSD; however some distros may relate to each other(like the Suse ones or Red Hat and Fedora).
To be honest, to my surprise, some prompt answers were received from some distros, namely openSuse and Fedora.
Others like Mandriva or Slackware(no bugzilla for this one to my knowledge, so I emailed them) did not (yet) made any comments or so.
The FreeBSD bug is in “feedback” state.
Below is a list with the bugs submitted so far.
openSUSE –> fixed
https://bugzilla.novell.com/show_bug.cgi?id=693479
Fedora –> fixed
https://bugzilla.redhat.com/show_bug.cgi?id=704352
FreeBSD –> “feedback” state
http://www.freebsd.org/cgi/query-pr.cgi?pr=156987
Mandriva –> ?
https://qa.mandriva.com/show_bug.cgi?id=63286
Slackware –> ?
No bugzilla ? –> sent email to info@slackware.com.
References
[1] On scope: default SSL/TLS settings shipped on various Linux distros for Apache 2.2.x
http://www.carbonwind.net/blog/post/On-scope-default-SSLTLS-settings-shipped-on-various-Linux-distros-for-Apache-22x.aspx