From 149a1dcff816d6ea3a0df12e267ee54c4bc796e2 Mon Sep 17 00:00:00 2001
From: Andy Witter
Date: Thu, 28 Apr 2016 10:19:32 -0400
Subject: [PATCH] Disable SSLv3 by default in apache for poodle attacks
---
 templates/setup-head.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/templates/setup-head.sh b/templates/setup-head.sh
index b31d2cd..0834170 100755
--- a/templates/setup-head.sh
+++ b/templates/setup-head.sh
@@ -170,11 +170,19 @@ a2enmod cgi
 a2disconf serve-cgi-bin
 if [ -e /etc/apache2/sites-enabled/000-default.conf ]
- then
+then
 rm /etc/apache2/sites-enabled/000-default.conf
 fi
 sed -i 's^NameVirtualHost^#NameVirtualHost^g' /etc/apache2/ports.conf
+if [ -e /etc/apache2/mods-enabled/ssl.conf ]
+then
+ sed '/SSL v2 is no longer supported/a \\tSSLProtocol all -SSLv3'
+else
+ echo "WARNING!!! Could not disable SSLv3 in apache2 conf"
+ echo "/etc/apache2/mods-enabled/ssl.conf is missing."
+ sleep 10
+fi
 #Enable extended status in Apache2 for Munin.
 #sed -i '/
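Review bot: The added `sed '/SSL v2 is no longer supported/a \\tSSLProtocol all -SSLv3'` has neither `-i` nor a file operand, so it reads standard input and never modifies /etc/apache2/mods-enabled/ssl.conf. SSLv3 therefore stays enabled and no warning is printed, because the `else` branch only covers a missing file. The line should name the file and edit it in place: `sed -i --follow-symlinks '/SSL v2 is no longer supported/a \\tSSLProtocol all -SSLv3' /etc/apache2/mods-enabled/ssl.conf`. The `--follow-symlinks` flag matters if the mods-enabled entry is a symlink, which plain `sed -i` would replace with a regular file. Even then the edit does nothing when the anchor comment is absent, and an existing `SSLProtocol` directive later in the file would presumably override the appended one. Rewriting the existing directive and then checking with `grep -q 'SSLProtocol all -SSLv3' /etc/apache2/mods-enabled/ssl.conf` before skipping the warning would make a failed hardening step visible.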