From: Michael Peters
Date: Mon, 11 Jan 2016 16:31:28 +0000 (-0500)
Subject: Include updated cipher suite order in eg.conf for new standard
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=d79db8b6801edae62ce8d85c77d1944c723bf1b8;p=contrib%2Fpines%2Fgenasys.git
Include updated cipher suite order in eg.conf for new standard
---
diff --git a/templates/apache2/eg.conf b/templates/apache2/eg.conf
index aa8a598..160681a 100644
--- a/templates/apache2/eg.conf
+++ b/templates/apache2/eg.conf
@@ -102,19 +102,20 @@ ExpiresByType text/css "access plus 50 minutes"
 # ----------------------------------------------------------------------------------
 #Listen 443
- DocumentRoot "/openils/var/web"
- ServerName localhost:443
- ServerAlias 127.0.0.1:443
- SSLEngine on
+ DocumentRoot "/openils/var/web"
+ ServerName localhost:443
+ ServerAlias 127.0.0.1:443
+ SSLEngine on
 SSLProxyEngine on # required for ErrorDocument 404 on SSL connections
- SSLHonorCipherOrder On
- SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
+ SSLHonorCipherOrder On
+# SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM
+SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
- # If you don't have an SSL cert, you can create self-signed
+ # If you don't have an SSL cert, you can create self-signed
 # certificate and key with:
 # openssl req -new -x509 -nodes -out server.crt -keyout server.key
- SSLCertificateFile ssl/server.crt
- SSLCertificateKeyFile ssl/server.key
+ SSLCertificateFile ssl/server.crt
+ SSLCertificateKeyFile ssl/server.key
 # - absorb the shared virtual host settings
 Include eg_vhost.conf
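Review bot: The new `SSLCipherSuite` string lists `EECDH+aRSA+RC4` and a bare `RC4` yet ends with `!RC4`; in OpenSSL cipher-list syntax `!` removes a cipher permanently, so those two terms can never match and only make the policy harder to audit, and they should be dropped while `!RC4` stays. The string also adds `EDH+aRSA` where the previous value had `!EDH`; httpd releases before 2.4.7 use fixed 1024-bit DHE parameters, so either confirm the deployed httpd version (not visible in this hunk) or leave DHE out of the template. The directive sits at column 0 while its neighbours are indented, and the previous value is left behind as a commented-out line; I would indent it and replace the dead line with a comment such as `# RC4 disabled; DHE suites need httpd >= 2.4.7 for DH parameters larger than 1024 bits`. No `SSLProtocol` line appears in this hunk, so it is worth checking elsewhere in the file that SSLv3 is turned off, since the cipher list alone does not restrict protocol versions. The virtual-host block this hunk edits starts and ends outside the hunk.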