Include updated cipher suite order in eg.conf for new standard
authorMichael Peters <mpeters@emeralddata.net>
Mon, 11 Jan 2016 16:31:28 +0000 (11:31 -0500)
committerAndy Witter <awitter@georgialibraries.org>
Mon, 11 Jan 2016 16:34:30 +0000 (11:34 -0500)
templates/apache2/eg.conf

index aa8a598..160681a 100644 (file)
@@ -102,19 +102,20 @@ ExpiresByType text/css "access plus 50 minutes"
 # ----------------------------------------------------------------------------------
 #Listen 443
 <VirtualHost *:443>
-       DocumentRoot "/openils/var/web"
-       ServerName localhost:443
-       ServerAlias 127.0.0.1:443
-       SSLEngine on
+       DocumentRoot "/openils/var/web"
+       ServerName localhost:443
+       ServerAlias 127.0.0.1:443
+       SSLEngine on
     SSLProxyEngine on # required for ErrorDocument 404 on SSL connections
-       SSLHonorCipherOrder On
-       SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
+       SSLHonorCipherOrder On
+#       SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM
+SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
 
-    # If you don't have an SSL cert, you can create self-signed 
+    # If you don't have an SSL cert, you can create self-signed
     # certificate and key with:
     # openssl req -new -x509 -nodes -out server.crt -keyout server.key
-       SSLCertificateFile ssl/server.crt
-       SSLCertificateKeyFile ssl/server.key
+       SSLCertificateFile ssl/server.crt
+       SSLCertificateKeyFile ssl/server.key
 
     # - absorb the shared virtual host settings
     Include eg_vhost.conf
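Review bot: The new `SSLCipherSuite` value lists `EECDH+aRSA+RC4` and `RC4` but ends with `!RC4`; in OpenSSL cipher-list syntax a `!` exclusion is permanent, so those two terms can never select a suite and only obscure whether RC4 is meant to be offered. Dropping them states the intent directly: `SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"`. The commented-out previous value just above it is better deleted than kept, since it differs from the line actually removed (RC4 is stripped from it) and reads like a supported alternative. The new directive also sits at column 0 while its neighbours are indented. No `SSLProtocol` directive is visible in this hunk, and the `<VirtualHost *:443>` block continues outside it, so it is worth confirming that legacy protocol versions are disabled elsewhere, because the cipher order alone does not restrict them.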