From 38615b62533719254a4d118f548cefdcbf59bdec Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Sat, 1 Nov 2008 11:50:21 +0000
Subject: tuned ssl for more secure ciphers, hide server signature by default

---
 files/conf.d/CentOS/defaults.inc     | 2 ++
 files/conf.d/CentOS/ssl_defaults.inc | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'files')

diff --git a/files/conf.d/CentOS/defaults.inc b/files/conf.d/CentOS/defaults.inc
index 9ecd0ed..3e5e7d7 100644
--- a/files/conf.d/CentOS/defaults.inc
+++ b/files/conf.d/CentOS/defaults.inc
@@ -1,3 +1,5 @@
 RewriteEngine on
 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
 RewriteRule .* - [F]
+
+ServerSignature Off
diff --git a/files/conf.d/CentOS/ssl_defaults.inc b/files/conf.d/CentOS/ssl_defaults.inc
index 4f971cd..b4301ec 100644
--- a/files/conf.d/CentOS/ssl_defaults.inc
+++ b/files/conf.d/CentOS/ssl_defaults.inc
@@ -16,7 +16,8 @@ SSLProtocol all -SSLv2
 #   SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+
 
 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If
-- 
cgit v1.2.3