diff options
Diffstat (limited to 'main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch')
-rw-r--r-- | main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch index 7c806c3519..4b9229babd 100644 --- a/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch +++ b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch @@ -1,4 +1,4 @@ -From 9ddd6227e5e0c38b869a77ce04c93877a2b1fc85 Mon Sep 17 00:00:00 2001 +From be15024e8c13bf740897274844bee4afd8c9946b Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Date: Fri, 11 Sep 2015 13:32:31 +0300 Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite @@ -8,20 +8,20 @@ Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in -index 4462fa6..4534852 100644 +index e80ad1a..b5f5e9d 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -50,8 +50,8 @@ Listen @@SSLPort@@ # ensure these follow appropriate best practices for this deployment. # httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, # while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. --SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 --SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 -+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH -+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH +-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES +-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES ++SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH ++SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH # By the end of 2016, only TLSv1.2 ciphers should remain in use. # Older ciphers should be disallowed as soon as possible, while the -- -2.5.0 +2.9.4 |