From: Andy Witter <awitter@georgialibraries.org>
Date: Wed, 19 Oct 2016 19:57:25 +0000 (-0400)
Subject: Disable SSLv3 to stop any poodle style attacks
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=4d92cea1b0e2440734e0c1973460e0c01125f28d;p=contrib%2Fpines%2Fgenasys.git

Disable SSLv3 to stop any poodle style attacks
---

diff --git a/templates/setup-head.sh b/templates/setup-head.sh
index e9bc913..df0ef47 100755
--- a/templates/setup-head.sh
+++ b/templates/setup-head.sh
@@ -197,6 +197,16 @@ fi
 ### Configure apache to run as user opensrf.
 sed -i 's/APACHE_RUN_USER=www-data/APACHE_RUN_USER=opensrf/g' /etc/apache2/envvars
 
+### Disable SSLv3 to protect from poodle type attacks
+if [ -e "/etc/apache2/mods-available/ssl.conf" ]
+then
+	echo;echo "Disabling SSLv3";sleep 3
+	sed -i 's^SSLProtocol all^SSLProtocol all -SSLv3^g' "/etc/apache2/mods-available/ssl.conf"
+else
+	echo;echo "WARNING!! Could not disable SSLv3 to stop poodle type attacks!"
+	read -p "You will have to disable this manually.  Continue [Enter]" SSLv3
+fi
+
 ### Setup to log to logger01.  *** depracated. 
 #if ! grep -q "Evergreen logger configuration" /etc/rsyslog.conf
 #	then