summaryrefslogtreecommitdiff
path: root/files/include.d
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2010-06-10 03:52:26 +0200
committermh <mh@immerda.ch>2010-06-10 03:52:26 +0200
commitb5c93a893a07f20f5322a95a64073f167d9dbb9a (patch)
tree1f2fbfe791658ad834ff4c62e21ca7f4db1dfa1b /files/include.d
parent973e9107bb29bcd98868fabda464dc71e6d8af23 (diff)
adjust sslciphersuite to new recommendations
Diffstat (limited to 'files/include.d')
-rw-r--r--files/include.d/CentOS/ssl_defaults.inc3
-rw-r--r--files/include.d/Debian/ssl_defaults.inc1
-rw-r--r--files/include.d/OpenBSD/ssl_defaults.inc3
3 files changed, 5 insertions, 2 deletions
diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc
index 5cc663f..04d3077 100644
--- a/files/include.d/CentOS/ssl_defaults.inc
+++ b/files/include.d/CentOS/ssl_defaults.inc
@@ -16,7 +16,8 @@ SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
# Server Certificate:
diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc
index e69de29..3889cff 100644
--- a/files/include.d/Debian/ssl_defaults.inc
+++ b/files/include.d/Debian/ssl_defaults.inc
@@ -0,0 +1 @@
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
diff --git a/files/include.d/OpenBSD/ssl_defaults.inc b/files/include.d/OpenBSD/ssl_defaults.inc
index e7d2c36..91b14e0 100644
--- a/files/include.d/OpenBSD/ssl_defaults.inc
+++ b/files/include.d/OpenBSD/ssl_defaults.inc
@@ -1,4 +1,5 @@
SSLEngine on
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 17:15:14 +0000