git.bettercrypto.org / ach-master.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ab51c68)
!SSLv3 damn it
authorAaron Kaplan <aaron@lo-res.org>
Fri, 17 Oct 2014 10:08:29 +0000 (12:08 +0200)
committerAaron Kaplan <aaron@lo-res.org>
Fri, 17 Oct 2014 10:08:29 +0000 (12:08 +0200)
src/configuration/Webservers/Apache/default-ssl patch | blob | history

diff --git a/src/configuration/Webservers/Apache/default-ssl b/src/configuration/Webservers/Apache/default-ssl
index 0428e9f..bb8348a 100644 (file)
--- a/src/configuration/Webservers/Apache/default-ssl
+++ b/src/configuration/Webservers/Apache/default-ssl
@@ -167,7 +167,7 @@
        # If you want to protect all subdomains, use the following header
        # ALL subdomains HAVE TO support HTTPS if you use this!
        # Strict-Transport-Security: "max-age=15768000 ; includeSubDomains"
-       SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
+       SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
 
 </VirtualHost>
 </IfModule>
applied crypto hardening (master repo)