aboutsummaryrefslogtreecommitdiffstats
path: root/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch
blob: 4b9229babd9dcb0ebfd22c15772352e984c5a121 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
From be15024e8c13bf740897274844bee4afd8c9946b Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 13:32:31 +0300
Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite

---
 docs/conf/extra/httpd-ssl.conf.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index e80ad1a..b5f5e9d 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -50,8 +50,8 @@ Listen @@SSLPort@@
 #   ensure these follow appropriate best practices for this deployment.
 #   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
 #   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
 
 #  By the end of 2016, only TLSv1.2 ciphers should remain in use.
 #  Older ciphers should be disallowed as soon as possible, while the
-- 
2.9.4