From d79db8b6801edae62ce8d85c77d1944c723bf1b8 Mon Sep 17 00:00:00 2001 From: Michael Peters Date: Mon, 11 Jan 2016 11:31:28 -0500 Subject: [PATCH] Include updated cipher suite order in eg.conf for new standard --- templates/apache2/eg.conf | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/templates/apache2/eg.conf b/templates/apache2/eg.conf index aa8a598..160681a 100644 --- a/templates/apache2/eg.conf +++ b/templates/apache2/eg.conf @@ -102,19 +102,20 @@ ExpiresByType text/css "access plus 50 minutes" # ---------------------------------------------------------------------------------- #Listen 443 - DocumentRoot "/openils/var/web" - ServerName localhost:443 - ServerAlias 127.0.0.1:443 - SSLEngine on + DocumentRoot "/openils/var/web" + ServerName localhost:443 + ServerAlias 127.0.0.1:443 + SSLEngine on SSLProxyEngine on # required for ErrorDocument 404 on SSL connections - SSLHonorCipherOrder On - SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM + SSLHonorCipherOrder On +# SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM +SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4" - # If you don't have an SSL cert, you can create self-signed + # If you don't have an SSL cert, you can create self-signed # certificate and key with: # openssl req -new -x509 -nodes -out server.crt -keyout server.key - SSLCertificateFile ssl/server.crt - SSLCertificateKeyFile ssl/server.key + SSLCertificateFile ssl/server.crt + SSLCertificateKeyFile ssl/server.key # - absorb the shared virtual host settings Include eg_vhost.conf -- 2.11.0
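Review bot: In the added `SSLCipherSuite` string the trailing `!RC4` permanently removes every RC4 suite, so the earlier `EECDH+aRSA+RC4` and `RC4` terms never take effect and only make the policy harder to audit; the same effective list is `SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"`. The commented-out `# SSLCipherSuite ...` line added above it is not the directive this commit removes (that one still listed `RC4`), so it is better deleted than kept as an apparent fallback, and both added lines appear to start at column 0 while the neighbouring directives are indented. The hunk shows no `SSLProtocol` directive; if none is set outside it or in `eg_vhost.conf`, protocol versions stay at the mod_ssl default and the cipher order alone does not exclude legacy protocols. The enclosing virtual-host block starts and ends outside the visible lines, so this cannot be confirmed from here.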