X-Git-Url: https://vcs.fsf.org/?p=eostre.git;a=blobdiff_plain;f=drupal-configs%2Fapache2%2Fmods-available%2Fssl.conf;fp=drupal-configs%2Fshopserver%2Fapache2%2Fmods-available%2Fssl.conf_1467135174_Tue_Jun_28_13_32_54_2016_.cfsaved;h=1dc4eea62ef33a75adb3d5f5f3b2041c860e2f08;hp=e9fcf4f9bbfbeddf31e2da76f1d776a4cbc5bd7d;hb=09c20003d8a5c62268abff35a503234517328098;hpb=b6b12da0372678523e413ff829e8b9f45d13c60b diff --git a/drupal-configs/shopserver/apache2/mods-available/ssl.conf_1467135174_Tue_Jun_28_13_32_54_2016_.cfsaved b/drupal-configs/apache2/mods-available/ssl.conf similarity index 77% rename from drupal-configs/shopserver/apache2/mods-available/ssl.conf_1467135174_Tue_Jun_28_13_32_54_2016_.cfsaved rename to drupal-configs/apache2/mods-available/ssl.conf index e9fcf4f..1dc4eea 100644 --- a/drupal-configs/shopserver/apache2/mods-available/ssl.conf_1467135174_Tue_Jun_28_13_32_54_2016_.cfsaved +++ b/drupal-configs/apache2/mods-available/ssl.conf @@ -33,7 +33,7 @@ # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. - SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase + SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism @@ -56,25 +56,21 @@ # ciphers(1) man page from the openssl package for list of all available # options. # Enable only secure ciphers: - SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + SSLCipherSuite HIGH:!aNULL - # Speed-optimized SSL Cipher configuration: - # If speed is your main concern (on busy HTTPS servers e.g.), - # you might want to force clients to specific, performance - # optimized ciphers. In this case, prepend those ciphers - # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. - # Caveat: by giving precedence to RC4-SHA and AES128-SHA - # (as in the example below), most connections will no longer - # have perfect forward secrecy - if the server's key is - # compromised, captures of past or future traffic must be - # considered compromised, too. - #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 + # SSL server cipher order preference: + # Use server priorities for cipher algorithm choice. + # Clients may prefer lower grade encryption. You should enable this + # option if you want to enforce stronger encryption, and can afford + # the CPU cost, and did not override SSLCipherSuite in a way that puts + # insecure ciphers first. + # Default: Off #SSLHonorCipherOrder on # The protocols to enable. # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 # SSL v2 is no longer supported - SSLProtocol all + SSLProtocol all -SSLv3 # Allow insecure renegotiation with clients which do not yet support the # secure renegotiation protocol. Default: Off