[packages/apache] - up to 2.4.37; enable TLSv1.3 and disable 1.0/1.1
arekm
arekm at pld-linux.org
Thu Oct 25 13:50:45 CEST 2018
commit 57d10e7d4c254192f02004559f8a7a77f917903d
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu Oct 25 13:50:36 2018 +0200
- up to 2.4.37; enable TLSv1.3 and disable 1.0/1.1
apache-mod_ssl.conf | 4 ++--
apache.spec | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index 85b9dc9..9bc7a81 100644
--- a/apache.spec
+++ b/apache.spec
@@ -21,7 +21,7 @@
# this is internal macro, don't change to %%apache_modules_api
%define _apache_modules_api 20120211
-%define openssl_ver 1.0.2
+%define openssl_ver 1.1.1
%define apr_ver 1:1.6.0
%define apr_util_ver 1:1.6.0
@@ -35,12 +35,12 @@ Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW
Summary(ru.UTF-8): Самый популярный веб-сервер
Summary(tr.UTF-8): Lider WWW tarayıcı
Name: apache
-Version: 2.4.35
-Release: 2
+Version: 2.4.37
+Release: 1
License: Apache v2.0
Group: Networking/Daemons/HTTP
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5: 30c1cde80ffe814a8d16b4fdffda330a
+# Source0-md5: 6a36e742180ee74bff97b28eee90c3f7
Source1: %{name}.init
Source2: %{name}.logrotate
Source3: %{name}.sysconfig
diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index 5fdfa7e..7f0b259 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -64,12 +64,12 @@ SSLSessionCacheTimeout 300
# This directive can be used to control the SSL protocol flavors mod_ssl
# should use when establishing its server environment. Clients then can only
# connect with one of the provided protocols.
-SSLProtocol all -SSLv2 -SSLv3
+SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:TLSv1.3
SSLHonorCipherOrder on
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/57d10e7d4c254192f02004559f8a7a77f917903d
More information about the pld-cvs-commit
mailing list