From: Michael Peters Date: Thu, 27 Oct 2011 13:42:37 +0000 (-0400) Subject: A tweak to eg.conf to prevent against the BEAST exploit in TLS/SSL X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=340e7c4b577afa9ca1e132345ba4b57ff3111187;p=contrib%2FConifer.git A tweak to eg.conf to prevent against the BEAST exploit in TLS/SSL Based on recommedation from https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls Signed-off-by: Michael Peters Signed-off-by: Galen Charlton --- diff --git a/Open-ILS/examples/apache/eg.conf b/Open-ILS/examples/apache/eg.conf index 0b9933e0f8..5e48bd2a91 100644 --- a/Open-ILS/examples/apache/eg.conf +++ b/Open-ILS/examples/apache/eg.conf @@ -87,7 +87,8 @@ NameVirtualHost *:443 ServerName localhost:443 ServerAlias 127.0.0.1:443 SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + SSLHonorCipherOrder On + SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM # If you don't have an SSL cert, you can create self-signed # certificate and key with: