tuned ssl for more secure ciphers, hide server signature by default

author: mh <mh@immerda.ch> 2008-11-01 11:50:21 +0000
committer: mh <mh@immerda.ch> 2008-11-01 11:50:21 +0000
commit: 38615b62533719254a4d118f548cefdcbf59bdec (patch)
tree: fd4dc0405f70acf1fe69fd25d64d45f177fb5e5c /files
parent: d4ae31a745687ff358eaad319e70100cc72bb1d8 (diff)
2 files changed, 4 insertions, 1 deletions
diff --git a/files/conf.d/CentOS/defaults.inc b/files/conf.d/CentOS/defaults.inc
index 9ecd0ed..3e5e7d7 100644
--- a/files/conf.d/CentOS/defaults.inc
+++ b/files/conf.d/CentOS/defaults.inc
@@ -1,3 +1,5 @@
 RewriteEngine on
 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
 RewriteRule .* - [F]
+
+ServerSignature Off
diff --git a/files/conf.d/CentOS/ssl_defaults.inc b/files/conf.d/CentOS/ssl_defaults.inc
index 4f971cd..b4301ec 100644
--- a/files/conf.d/CentOS/ssl_defaults.inc
+++ b/files/conf.d/CentOS/ssl_defaults.inc
@@ -16,7 +16,8 @@ SSLProtocol all -SSLv2
 #   SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+
 
 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If
author	mh <mh@immerda.ch>	2008-11-01 11:50:21 +0000
committer	mh <mh@immerda.ch>	2008-11-01 11:50:21 +0000
commit	38615b62533719254a4d118f548cefdcbf59bdec (patch)
tree	fd4dc0405f70acf1fe69fd25d64d45f177fb5e5c /files
parent	d4ae31a745687ff358eaad319e70100cc72bb1d8 (diff)