From b5c93a893a07f20f5322a95a64073f167d9dbb9a Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 10 Jun 2010 03:52:26 +0200 Subject: adjust sslciphersuite to new recommendations --- files/include.d/CentOS/ssl_defaults.inc | 3 ++- files/include.d/Debian/ssl_defaults.inc | 1 + files/include.d/OpenBSD/ssl_defaults.inc | 3 ++- files/vhosts.d/Gentoo/0-default_ssl.conf | 3 ++- 4 files changed, 7 insertions(+), 3 deletions(-) (limited to 'files') diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc index 5cc663f..04d3077 100644 --- a/files/include.d/CentOS/ssl_defaults.inc +++ b/files/include.d/CentOS/ssl_defaults.inc @@ -16,7 +16,8 @@ SSLProtocol all -SSLv2 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH # Server Certificate: diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc index e69de29..3889cff 100644 --- a/files/include.d/Debian/ssl_defaults.inc +++ b/files/include.d/Debian/ssl_defaults.inc @@ -0,0 +1 @@ +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH diff --git a/files/include.d/OpenBSD/ssl_defaults.inc b/files/include.d/OpenBSD/ssl_defaults.inc index e7d2c36..91b14e0 100644 --- a/files/include.d/OpenBSD/ssl_defaults.inc +++ b/files/include.d/OpenBSD/ssl_defaults.inc @@ -1,4 +1,5 @@ SSLEngine on -SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH SSLCertificateFile /etc/ssl/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key diff --git a/files/vhosts.d/Gentoo/0-default_ssl.conf b/files/vhosts.d/Gentoo/0-default_ssl.conf index 7efe879..a123de8 100644 --- a/files/vhosts.d/Gentoo/0-default_ssl.conf +++ b/files/vhosts.d/Gentoo/0-default_ssl.conf @@ -31,7 +31,8 @@ UseCanonicalName On # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 + #SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH SSLCertificateFile /e/certs/server.crt SSLCertificateKeyFile /e/certs/server.key -- cgit v1.2.3