[packages/pound] better https defaults
glen
glen at pld-linux.org
Mon Jul 25 13:10:41 CEST 2016
commit a63d202b440a1ea91b28d349cb3e8d7d78a0d869
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Mon Feb 29 10:14:31 2016 +0200
better https defaults
pound.cfg | 7 +++++++
1 file changed, 7 insertions(+)
---
diff --git a/pound.cfg b/pound.cfg
index 65785f0..f058d33 100644
--- a/pound.cfg
+++ b/pound.cfg
@@ -35,6 +35,13 @@ ListenHTTPS
Address 0.0.0.0
Port 443
Cert "/etc/pki/pound.pem"
+
+ Disable SSLv3
+ SSLAllowClientRenegotiation 0
+ SSLHonorCipherOrder 1
+ Ciphers "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+ AddHeader "HTTPS: on"
+ RewriteLocation 0
End
Service
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/pound.git/commitdiff/fe5246d0d8fc8e4a01e21b6ef1c2b00782f0ef1e
More information about the pld-cvs-commit
mailing list