summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2014-10-15 17:07:45 -0400
committerMicah Anderson <micah@leap.se>2014-10-15 17:09:27 -0400
commit64333ba969632269a063f8c777024d0f6b063215 (patch)
tree79a8a00180e7d8f4c794119d090b329cceea3015 /puppet/modules/site_static
parentb806d84a2fc292e3fb8a3f5fd1fb029c2cdb629e (diff)
Disable SSLv3, and RC4 ciphers
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d
Diffstat (limited to 'puppet/modules/site_static')
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb4
1 files changed, 2 insertions, 2 deletions
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index 07ac481d..9b516a10 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -46,10 +46,10 @@
#RewriteLogLevel 3
SSLEngine on
- SSLProtocol all -SSLv2
+ SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
- SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK"
+ SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK"
<%- if @tls_only -%>
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"