Disable SSLv3 by default in apache for poodle attacks
authorAndy Witter <awitter@georgialibraries.org>
Thu, 28 Apr 2016 14:19:32 +0000 (10:19 -0400)
committerAndy Witter <awitter@georgialibraries.org>
Thu, 28 Apr 2016 14:19:32 +0000 (10:19 -0400)
templates/setup-head.sh

index b31d2cd..0834170 100755 (executable)
@@ -170,11 +170,19 @@ a2enmod cgi
 a2disconf serve-cgi-bin
 
 if [ -e /etc/apache2/sites-enabled/000-default.conf ]
-       then 
+then 
        rm /etc/apache2/sites-enabled/000-default.conf
 fi
 sed -i 's^NameVirtualHost^#NameVirtualHost^g' /etc/apache2/ports.conf
 
+if [ -e /etc/apache2/mods-enabled/ssl.conf ]
+then
+       sed '/SSL v2  is no longer supported/a \\tSSLProtocol all -SSLv3'
+else
+       echo "WARNING!!! Could not disable SSLv3 in apache2 conf"
+       echo "/etc/apache2/mods-enabled/ssl.conf is missing."
+       sleep 10
+fi
 #Enable extended status in Apache2 for Munin.
 #sed -i '/<Location/i \\nExtendStatus On\n' /etc/apache2/mods-available/status.conf
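Review bot: The `sed` added in the `ssl.conf` branch has neither `-i` nor a file operand, so it reads standard input and never edits `/etc/apache2/mods-enabled/ssl.conf`. SSLv3 therefore stays enabled, and the setup script will probably stall waiting for input at that line. It should read `sed -i '/SSL v2  is no longer supported/a \\tSSLProtocol all -SSLv3' /etc/apache2/mods-enabled/ssl.conf`. Even with that fix, the append does nothing when the distribution's comment text differs, and an existing `SSLProtocol` line later in the file may take precedence over the inserted one (worth confirming against the shipped ssl.conf). A safer approach is to rewrite the existing directive and then check it with something like `grep -q '^[[:space:]]*SSLProtocol.*-SSLv3' /etc/apache2/mods-enabled/ssl.conf`, sending the warning to stderr if the check fails.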