Disable SSLv3 to stop any poodle style attacks
authorAndy Witter <awitter@georgialibraries.org>
Wed, 19 Oct 2016 19:57:25 +0000 (15:57 -0400)
committerAndy Witter <awitter@georgialibraries.org>
Wed, 19 Oct 2016 19:57:25 +0000 (15:57 -0400)
templates/setup-head.sh

index e9bc913..df0ef47 100755 (executable)
@@ -197,6 +197,16 @@ fi
 ### Configure apache to run as user opensrf.
 sed -i 's/APACHE_RUN_USER=www-data/APACHE_RUN_USER=opensrf/g' /etc/apache2/envvars
 
+### Disable SSLv3 to protect from poodle type attacks
+if [ -e "/etc/apache2/mods-available/ssl.conf" ]
+then
+       echo;echo "Disabling SSLv3";sleep 3
+       sed -i 's^SSLProtocol all^SSLProtocol all -SSLv3^g' "/etc/apache2/mods-available/ssl.conf"
+else
+       echo;echo "WARNING!! Could not disable SSLv3 to stop poodle type attacks!"
+       read -p "You will have to disable this manually.  Continue [Enter]" SSLv3
+fi
+
 ### Setup to log to logger01.  *** depracated. 
 #if ! grep -q "Evergreen logger configuration" /etc/rsyslog.conf
 #      then
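Review bot: The added `sed` reports success without checking the result: if `ssl.conf` has no literal `SSLProtocol all` (for example it already lists explicit protocols), nothing changes but "Disabling SSLv3" is still printed, and on a second run the patched line becomes `SSLProtocol all -SSLv3 -SSLv3`. I would match only an unmodified directive, `sed -i 's/^\([[:space:]]*SSLProtocol all\)[[:space:]]*$/\1 -SSLv3/' "/etc/apache2/mods-available/ssl.conf"`, and follow it with `grep -Eq '^[[:space:]]*SSLProtocol .*-SSLv3' "/etc/apache2/mods-available/ssl.conf" || echo "WARNING!! SSLv3 is still enabled"`. An `SSLProtocol` set inside a virtual host would presumably override this module-level value, so the site configs are worth checking too. The `read -p` in the else branch will also stall an unattended run of the setup script.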