author | mh <mh@immerda.ch> | 2010-12-12 18:51:48 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2010-12-12 18:51:48 +0100 |
commit | 3223bb26521cd7aed97c3d5bd7df73269991639d (patch) | |
tree | 0392fc91ebe074f04b09653cf222b211121997d6 /files | |
parent | 22fba9762d707383c65c822c2310b17b1eb104c2 (diff) |
update to latest secure ssl directives
Diffstat (limited to 'files')
-rw-r--r-- | files/include.d/CentOS/ssl_defaults.inc | 6 | ||||
-rw-r--r-- | files/include.d/Debian/ssl_defaults.inc | 4 | ||||
-rw-r--r-- | files/include.d/OpenBSD/ssl_defaults.inc | 2 |
3 files changed, 8 insertions, 4 deletions
diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc index 04d3077..b57cbb9 100644 --- a/files/include.d/CentOS/ssl_defaults.inc +++ b/files/include.d/CentOS/ssl_defaults.inc @@ -11,14 +11,16 @@ SSLEngine on # SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 +#SSLProtocol all -SSLv2 +SSLProtocol -all +SSLv3 +TLSv1 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. #SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 -SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH +SSLHonorCipherOrder on # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc index 3889cff..949fe58 100644 --- a/files/include.d/Debian/ssl_defaults.inc +++ b/files/include.d/Debian/ssl_defaults.inc @@ -1 +1,3 @@ -SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH +SSLProtocol -all +SSLv3 +TLSv1 +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH +SSLHonorCipherOrder on diff --git a/files/include.d/OpenBSD/ssl_defaults.inc b/files/include.d/OpenBSD/ssl_defaults.inc index 91b14e0..67cf36f 100644 --- a/files/include.d/OpenBSD/ssl_defaults.inc +++ b/files/include.d/OpenBSD/ssl_defaults.inc @@ -1,5 +1,5 @@ SSLEngine on #SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 -SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH SSLCertificateFile /etc/ssl/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key |
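Review bot: The added `SSLProtocol -all +SSLv3 +TLSv1` in the CentOS hunk is an allow-list, so SSLv3 stays enabled and any TLS version newer than TLSv1 that the installed mod_ssl/OpenSSL later supports stays off until this file is edited again; the identical line is added in the Debian hunk. A deny-list such as `SSLProtocol all -SSLv2 -SSLv3` removes the legacy protocols and still follows the library's newest version, provided no remaining client depends on SSLv3. In the CentOS file the comment above still reads "Disable SSLv2 access by default" and the old directive is kept commented out; the comment should describe the line that is now active, and the stale `#SSLProtocol all -SSLv2` can be dropped.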
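Review bot: `MEDIUM` is still part of the new cipher string in the Debian hunk, so `!MD5` removes RC4-MD5 but leaves the other 128-bit suites of that class, which on many OpenSSL builds includes RC4-SHA; the same string is set in the CentOS and OpenBSD hunks. With `SSLHonorCipherOrder on` and `@STRENGTH` those suites are only chosen when a client offers nothing stronger, yet they remain negotiable. Consider `SSLCipherSuite HIGH:!aNULL:!SSLv2:!MD5:@STRENGTH`, and confirm what the string expands to with `openssl ciphers -v` on the OpenSSL version each platform ships.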
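Review bot: The OpenBSD file only gains `!MD5`; it gets neither the `SSLProtocol` line nor `SSLHonorCipherOrder on` that the CentOS and Debian files receive in this commit, so on that platform protocol selection stays at the mod_ssl default and the client's cipher preference decides. If the omission is deliberate, presumably because the httpd shipped there does not support one of the directives, a comment such as `# SSLProtocol/SSLHonorCipherOrder not set here: <reason>` would record that. Otherwise add the same two lines so the three platform defaults stay in step.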