A tweak to eg.conf to prevent against the BEAST exploit in TLS/SSL

author Michael Peters <mrpeters@library.in.gov>

Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)

committer Michael Peters <mrpeters@library.in.gov>

Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)
author Michael Peters <mrpeters@library.in.gov>
Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)
committer Michael Peters <mrpeters@library.in.gov>
Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)
diff --git a/Open-ILS/examples/apache/eg.conf b/Open-ILS/examples/apache/eg.conf

index 77b5f40..e2b0584 100644 (file)
--- a/Open-ILS/examples/apache/eg.conf
+++ b/Open-ILS/examples/apache/eg.conf
@@ -109,7 +109,8 @@ NameVirtualHost *:443
         ServerName localhost:443
         ServerAlias 127.0.0.1:443
         SSLEngine on
-       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+       SSLHonorCipherOrder On
+       SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
  
      # If you don't have an SSL cert, you can create self-signed 
      # certificate and key with:
author	Michael Peters <mrpeters@library.in.gov>
	Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)
committer	Michael Peters <mrpeters@library.in.gov>
	Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)