From b5c93a893a07f20f5322a95a64073f167d9dbb9a Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 10 Jun 2010 03:52:26 +0200 Subject: adjust sslciphersuite to new recommendations --- files/vhosts.d/Gentoo/0-default_ssl.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'files/vhosts.d') diff --git a/files/vhosts.d/Gentoo/0-default_ssl.conf b/files/vhosts.d/Gentoo/0-default_ssl.conf index 7efe879..a123de8 100644 --- a/files/vhosts.d/Gentoo/0-default_ssl.conf +++ b/files/vhosts.d/Gentoo/0-default_ssl.conf @@ -31,7 +31,8 @@ UseCanonicalName On # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 + #SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH SSLCertificateFile /e/certs/server.crt SSLCertificateKeyFile /e/certs/server.key -- cgit v1.2.3 From 5a93a0363e9f967550d4a4267113e2b0714c06c2 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 18 Mar 2011 10:23:04 +0100 Subject: we don't need these logfiles in the include --- files/vhosts.d/CentOS/0-default_ssl.conf | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'files/vhosts.d') diff --git a/files/vhosts.d/CentOS/0-default_ssl.conf b/files/vhosts.d/CentOS/0-default_ssl.conf index 9f8c4b6..d018bcc 100644 --- a/files/vhosts.d/CentOS/0-default_ssl.conf +++ b/files/vhosts.d/CentOS/0-default_ssl.conf @@ -8,6 +8,12 @@ Include include.d/ssl_defaults.inc DocumentRoot /var/www/html + # Use separate log files for the SSL virtual host; note that LogLevel + # is not inherited from httpd.conf. + ErrorLog logs/ssl_error_log + TransferLog logs/ssl_access_log + LogLevel warn + SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key -- cgit v1.2.3