main/apache2: base configuration on upstream default files

1 files changed, 27 insertions, 0 deletions

diff --git a/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch
new file mode 100644
index 0000000000..62fc5172d1
--- /dev/null
+++ b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch
@@ -0,0 +1,27 @@
+From 68116c6b50712b4e3733da43292d066e3797cbcc Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Fri, 11 Sep 2015 13:32:31 +0300
+Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite
+
+---
+ docs/conf/extra/httpd-ssl.conf.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
+index 4462fa6..4534852 100644
+--- a/docs/conf/extra/httpd-ssl.conf.in
++++ b/docs/conf/extra/httpd-ssl.conf.in
+@@ -50,8 +50,8 @@ Listen @@SSLPort@@
+ #   ensure these follow appropriate best practices for this deployment.
+ #   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
+ #   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
+-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
+-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
++SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH
++SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH
+ 
+ #  By the end of 2016, only TLSv1.2 ciphers should remain in use.
+ #  Older ciphers should be disallowed as soon as possible, while the
+-- 
+2.5.0
+