[packages/apache1-mod_ssl] disable sslv2, sslv3
glen
glen at pld-linux.org
Tue Sep 22 11:52:45 CEST 2015
commit d1082b3b8fc6aba862745d766dcbbf27c2d7580f
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Tue Sep 22 12:52:34 2015 +0300
disable sslv2, sslv3
apache1-mod_ssl.conf | 8 ++++++++
1 file changed, 8 insertions(+)
---
diff --git a/apache1-mod_ssl.conf b/apache1-mod_ssl.conf
index a84b3f1..25c3939 100644
--- a/apache1-mod_ssl.conf
+++ b/apache1-mod_ssl.conf
@@ -36,6 +36,14 @@ SSLPassPhraseDialog builtin
SSLSessionCache shm:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
+# FOLLOW SECURE DEFAULTS: https://wiki.mozilla.org/Security/Server_Side_TLS
+
+# Usable SSL protocol flavors:
+# This directive can be used to control the SSL protocol flavors mod_ssl
+# should use when establishing its server environment. Clients then can only
+# connect with one of the provided protocols.
+SSLProtocol all -SSLv2 -SSLv3
+
# Semaphore:
# Configure the path to the mutual explusion semaphore the
# SSL engine uses internally for inter-process synchronization.
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache1-mod_ssl.git/commitdiff/d1082b3b8fc6aba862745d766dcbbf27c2d7580f
More information about the pld-cvs-commit
mailing list