From b5c93a893a07f20f5322a95a64073f167d9dbb9a Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Thu, 10 Jun 2010 03:52:26 +0200
Subject: adjust sslciphersuite to new recommendations

---
 files/include.d/CentOS/ssl_defaults.inc  | 3 ++-
 files/include.d/Debian/ssl_defaults.inc  | 1 +
 files/include.d/OpenBSD/ssl_defaults.inc | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

(limited to 'files/include.d')

diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc
index 5cc663f..04d3077 100644
--- a/files/include.d/CentOS/ssl_defaults.inc
+++ b/files/include.d/CentOS/ssl_defaults.inc
@@ -16,7 +16,8 @@ SSLProtocol all -SSLv2
 #   SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
 
 
 #   Server Certificate:
diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc
index e69de29..3889cff 100644
--- a/files/include.d/Debian/ssl_defaults.inc
+++ b/files/include.d/Debian/ssl_defaults.inc
@@ -0,0 +1 @@
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
diff --git a/files/include.d/OpenBSD/ssl_defaults.inc b/files/include.d/OpenBSD/ssl_defaults.inc
index e7d2c36..91b14e0 100644
--- a/files/include.d/OpenBSD/ssl_defaults.inc
+++ b/files/include.d/OpenBSD/ssl_defaults.inc
@@ -1,4 +1,5 @@
 SSLEngine on
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
 SSLCertificateFile    /etc/ssl/server.crt
 SSLCertificateKeyFile /etc/ssl/private/server.key
-- 
cgit v1.2.3