From 76d271d18466050974cb260d399367ae6fb1803b Mon Sep 17 00:00:00 2001
From: Michael Peters <mrpeters@library.in.gov>
Date: Thu, 27 Oct 2011 09:42:37 -0400
Subject: [PATCH] A tweak to eg.conf to prevent against the BEAST exploit in
 TLS/SSL

Signed-off-by: Michael Peters <mrpeters@library.in.gov>
---
 Open-ILS/examples/apache/eg.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Open-ILS/examples/apache/eg.conf b/Open-ILS/examples/apache/eg.conf
index 77b5f408c1..e2b0584895 100644
--- a/Open-ILS/examples/apache/eg.conf
+++ b/Open-ILS/examples/apache/eg.conf
@@ -109,7 +109,8 @@ NameVirtualHost *:443
 	ServerName localhost:443
 	ServerAlias 127.0.0.1:443
 	SSLEngine on
-	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+	SSLHonorCipherOrder On
+	SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
 
     # If you don't have an SSL cert, you can create self-signed 
     # certificate and key with:
-- 
2.11.0