authormh <mh@immerda.ch>2010-06-10 03:52:26 +0200
committermh <mh@immerda.ch>2010-06-10 03:52:26 +0200
commitb5c93a893a07f20f5322a95a64073f167d9dbb9a (patch)
tree1f2fbfe791658ad834ff4c62e21ca7f4db1dfa1b /files
parent973e9107bb29bcd98868fabda464dc71e6d8af23 (diff)
adjust sslciphersuite to new recommendations
Diffstat (limited to 'files')
-rw-r--r--files/include.d/CentOS/ssl_defaults.inc3
-rw-r--r--files/include.d/Debian/ssl_defaults.inc1
-rw-r--r--files/include.d/OpenBSD/ssl_defaults.inc3
-rw-r--r--files/vhosts.d/Gentoo/0-default_ssl.conf3
4 files changed, 7 insertions, 3 deletions
diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc
index 5cc663f..04d3077 100644
--- a/files/include.d/CentOS/ssl_defaults.inc
+++ b/files/include.d/CentOS/ssl_defaults.inc
@@ -16,7 +16,8 @@ SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
# Server Certificate:
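Review bot: `@STRENGTH` at the end of the new `SSLCipherSuite` line only sorts the server's own list; unless the server is told to enforce its order, mod_ssl lets the client's preference pick the suite, so a client that lists a MEDIUM suite first still gets it even when a HIGH suite is shared. Where the installed mod_ssl supports it, add `SSLHonorCipherOrder on` next to the directive; where it does not, the sort has no effect on negotiation and dropping `MEDIUM` is the only way to enforce strength. Depending on the OpenSSL build, `MEDIUM` may also still admit RC4-based suites, which deserves a comment if that is intended. The same line is added in the Debian, OpenBSD and Gentoo files, and the same applies there.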
diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc
index e69de29..3889cff 100644
--- a/files/include.d/Debian/ssl_defaults.inc
+++ b/files/include.d/Debian/ssl_defaults.inc
@@ -0,0 +1 @@
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
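Review bot: The file goes from empty to a single uncommented directive, so unlike the CentOS include (whose hunk header shows `SSLProtocol all -SSLv2`) nothing here states the protocol policy or why this cipher string was chosen. `!SSLv2` in a cipher string removes the SSLv2 cipher suites, while the protocol itself is governed by `SSLProtocol`, which presumably comes from the distribution's own mod_ssl configuration; that is worth confirming. I would add a comment line above the directive such as `# HIGH and MEDIUM suites only, no anonymous key exchange (aNULL), no SSLv2 suites, strongest first`.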
diff --git a/files/include.d/OpenBSD/ssl_defaults.inc b/files/include.d/OpenBSD/ssl_defaults.inc
index e7d2c36..91b14e0 100644
--- a/files/include.d/OpenBSD/ssl_defaults.inc
+++ b/files/include.d/OpenBSD/ssl_defaults.inc
@@ -1,4 +1,5 @@
SSLEngine on
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
diff --git a/files/vhosts.d/Gentoo/0-default_ssl.conf b/files/vhosts.d/Gentoo/0-default_ssl.conf
index 7efe879..a123de8 100644
--- a/files/vhosts.d/Gentoo/0-default_ssl.conf
+++ b/files/vhosts.d/Gentoo/0-default_ssl.conf
@@ -31,7 +31,8 @@ UseCanonicalName On
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+ #SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
SSLCertificateFile /e/certs/server.crt
SSLCertificateKeyFile /e/certs/server.key
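Review bot: Keeping the replaced directive as `#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2` leaves two commented-out cipher lines stacked above the live one, and the older of them (`ALL:...:+LOW:+SSLv2:+EXP:+eNULL`) would enable export-grade and null-encryption suites if someone uncommented it while debugging. The repository history already records the previous value, so I would delete the commented-out lines and put a one-line comment in their place naming the recommendation the commit title refers to. The CentOS and OpenBSD hunks keep the old line commented out in the same way.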