From b62a01c3883767ad1f4af4b3b807423830ef915d Mon Sep 17 00:00:00 2001
From: Aaron Kaplan <aaron@lo-res.org>
Date: Fri, 17 Oct 2014 12:09:25 +0200
Subject: [PATCH] no SSLv3 damn it

---
 src/configuration/Webservers/nginx/default | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/configuration/Webservers/nginx/default b/src/configuration/Webservers/nginx/default
index 088c9c6..76649e4 100644
--- a/src/configuration/Webservers/nginx/default
+++ b/src/configuration/Webservers/nginx/default
@@ -112,7 +112,7 @@ server {
 
 	ssl_prefer_server_ciphers on;
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
-	ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
+	ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
 	add_header Strict-Transport-Security max-age=15768000; # six months
 	# use this only if all subdomains support HTTPS!
 	# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
-- 
2.20.1