Commit 1ae0ad0d authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

SSL: use the same configuration everywhere.

parent 4652ced7
...@@ -2,8 +2,8 @@ SSLCertificateFile %(certificate)s ...@@ -2,8 +2,8 @@ SSLCertificateFile %(certificate)s
SSLCertificateKeyFile %(key)s SSLCertificateKeyFile %(key)s
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1 SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLHonorCipherOrder on
SSLSessionCache shmcb:%(ssl_session_cache)s(512000) SSLSessionCache shmcb:%(ssl_session_cache)s(512000)
SSLProxyEngine On SSLProxyEngine On
...@@ -3,7 +3,7 @@ SSLCertificateFile %(login_certificate)s ...@@ -3,7 +3,7 @@ SSLCertificateFile %(login_certificate)s
SSLCertificateKeyFile %(login_key)s SSLCertificateKeyFile %(login_key)s
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1 SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLProxyEngine On SSLProxyEngine On
...@@ -45,9 +45,9 @@ SSLCertificateFile %(certificate)s ...@@ -45,9 +45,9 @@ SSLCertificateFile %(certificate)s
SSLCertificateKeyFile %(key)s SSLCertificateKeyFile %(key)s
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1 SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLHonorCipherOrder on
SSLProxyEngine On SSLProxyEngine On
......
...@@ -440,9 +440,9 @@ the proxy:: ...@@ -440,9 +440,9 @@ the proxy::
ServerAdmin example.org ServerAdmin example.org
SSLEngine on SSLEngine on
SSLProxyEngine on SSLProxyEngine on
SSLProtocol -ALL +SSLv3 +TLSv1 SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLHonorCipherOrder on
# Use personal ssl certificates # Use personal ssl certificates
SSLCertificateFile %(ssl_crt)s SSLCertificateFile %(ssl_crt)s
SSLCertificateKeyFile %(ssl_key)s SSLCertificateKeyFile %(ssl_key)s
......
...@@ -96,7 +96,7 @@ mode = 640 ...@@ -96,7 +96,7 @@ mode = 640
[template-apache-frontend-configuration] [template-apache-frontend-configuration]
recipe = slapos.recipe.build:download recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/apache.conf.in url = ${:_profile_base_location_}/templates/apache.conf.in
md5sum = 09ffa9a94cc7506d32c2c422853106b6 md5sum = 8ff17b2a0d0495ec935e378f3976de71
mode = 640 mode = 640
[template-apache-cached-configuration] [template-apache-cached-configuration]
...@@ -164,7 +164,7 @@ md5sum = 8cde04bfd0c0e9bd56744b988275cfd8 ...@@ -164,7 +164,7 @@ md5sum = 8cde04bfd0c0e9bd56744b988275cfd8
[template-trafficserver-records-config] [template-trafficserver-records-config]
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/templates/trafficserver/${:filename} url = ${:_profile_base_location_}/templates/trafficserver/${:filename}
md5sum = c68fc90886c3314466b459520692e145 md5sum = 65afeef0229430ad8a6fbc57298b787b
location = ${buildout:parts-directory}/${:_buildout_section_name_} location = ${buildout:parts-directory}/${:_buildout_section_name_}
filename = records.config.jinja2 filename = records.config.jinja2
download-only = true download-only = true
......
...@@ -123,7 +123,8 @@ SSLSessionCacheTimeout 300 ...@@ -123,7 +123,8 @@ SSLSessionCacheTimeout 300
SSLRandomSeed startup /dev/urandom 256 SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3 SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4 SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
<FilesMatch "\.(cgi|shtml|phtml|php)$"> <FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars SSLOptions +StdEnvVars
</FilesMatch> </FilesMatch>
......
...@@ -492,18 +492,19 @@ CONFIG proxy.config.url_remap.pristine_host_hdr INT 1 ...@@ -492,18 +492,19 @@ CONFIG proxy.config.url_remap.pristine_host_hdr INT 1
# proxy.config.exec_thread.autoconfig.scale by default. You can # proxy.config.exec_thread.autoconfig.scale by default. You can
# override that here (set it to a non-zero value). # override that here (set it to a non-zero value).
CONFIG proxy.config.ssl.number.threads INT 0 CONFIG proxy.config.ssl.number.threads INT 0
# The following three variables can be # The following variables control SSL protocols.
# set to 0 to disable SSLv2, SSLv3, and/or TLSv1.
# SSLv2 is disabled by default for security concern.
CONFIG proxy.config.ssl.SSLv2 INT 0 CONFIG proxy.config.ssl.SSLv2 INT 0
CONFIG proxy.config.ssl.SSLv3 INT 1 CONFIG proxy.config.ssl.SSLv3 INT 0
CONFIG proxy.config.ssl.TLSv1 INT 1 CONFIG proxy.config.ssl.TLSv1 INT 1
CONFIG proxy.config.ssl.TLSv1_1 INT 1
CONFIG proxy.config.ssl.TLSv1_2 INT 1
# The following two variables control the Cipher Suite traffic Server # The following two variables control the Cipher Suite traffic Server
# uses for HTTPS connnections and whether to prefer the client # uses for HTTPS connnections and whether to prefer the client
# selected (default) or the server selected # selected (default) or the server selected
# Our default SSL Cipher Suite tries to be reasonably fast and strong. # Our default SSL Cipher Suite tries to be reasonably fast and strong.
CONFIG proxy.config.ssl.server.cipher_suite STRING RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL CONFIG proxy.config.ssl.server.cipher_suite STRING ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
CONFIG proxy.config.ssl.server.honor_cipher_order INT 0
CONFIG proxy.config.ssl.server.honor_cipher_order INT 1
# Control if SSL should perform content compression or not # Control if SSL should perform content compression or not
CONFIG proxy.config.ssl.compression INT 0 CONFIG proxy.config.ssl.compression INT 0
# Client certification level should be: # Client certification level should be:
......
...@@ -111,7 +111,7 @@ extra-context = ...@@ -111,7 +111,7 @@ extra-context =
< = download-base < = download-base
url = ${:_profile_base_location_}/templates/${:filename}.in url = ${:_profile_base_location_}/templates/${:filename}.in
filename = nginx.conf filename = nginx.conf
md5sum = 72f4cc110f618b317793e21124f45121 md5sum = 3d80d73a9cfffca6687813d86ddc25ba
[check-recipe] [check-recipe]
recipe = plone.recipe.command recipe = plone.recipe.command
......
...@@ -24,8 +24,9 @@ http { ...@@ -24,8 +24,9 @@ http {
server_name _; server_name _;
ssl_certificate {{ parameter_dict['ssl-certificate'] }}; ssl_certificate {{ parameter_dict['ssl-certificate'] }};
ssl_certificate_key {{ parameter_dict['ssl-key'] }}; ssl_certificate_key {{ parameter_dict['ssl-key'] }};
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
ssl_prefer_server_ciphers on;
keepalive_timeout 90s; keepalive_timeout 90s;
client_body_temp_path {{ param_tempdir['client_body_temp_path'] }}; client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
proxy_temp_path {{ param_tempdir['proxy_temp_path'] }}; proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
......
...@@ -32,7 +32,7 @@ mode = 0644 ...@@ -32,7 +32,7 @@ mode = 0644
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/template/httpd.conf.jinja2 url = ${:_profile_base_location_}/template/httpd.conf.jinja2
download-only = true download-only = true
md5sum = 0c9e75bcbaf5ed97f7b33d472107b634 md5sum = 97d84138323b1e3214847b1b7de9a10e
filename = httpd_conf.in filename = httpd_conf.in
mode = 0644 mode = 0644
......
...@@ -35,9 +35,9 @@ SSLRandomSeed startup builtin ...@@ -35,9 +35,9 @@ SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256 SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1 SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLHonorCipherOrder on
SSLEngine On SSLEngine On
......
...@@ -203,7 +203,7 @@ recipe = hexagonit.recipe.download ...@@ -203,7 +203,7 @@ recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/template/apache.conf.in url = ${:_profile_base_location_}/template/apache.conf.in
mode = 644 mode = 644
filename = apache.conf.in filename = apache.conf.in
md5sum = 355fdabdb86fee8e9714b6d357149958 md5sum = ac97f6a52e1c5a19a646242ef85abb8a
download-only = true download-only = true
on-update = true on-update = true
......
...@@ -33,7 +33,9 @@ SSLCertificateFile {{ cert }} ...@@ -33,7 +33,9 @@ SSLCertificateFile {{ cert }}
SSLCertificateKeyFile {{ key }} SSLCertificateKeyFile {{ key }}
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol All -SSLv2 SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLProxyEngine On SSLProxyEngine On
DocumentRoot {{ document_root }} DocumentRoot {{ document_root }}
......
...@@ -46,9 +46,9 @@ SSLRandomSeed startup builtin ...@@ -46,9 +46,9 @@ SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256 SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1 SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLHonorCipherOrder on
SSLSessionCache shmcb:/{{ directory.get("mod-ssl") }}/ssl_scache(512000) SSLSessionCache shmcb:/{{ directory.get("mod-ssl") }}/ssl_scache(512000)
SSLSessionCacheTimeout 300 SSLSessionCacheTimeout 300
</IfDefine> </IfDefine>
......
...@@ -37,7 +37,9 @@ SSLCertificateFile {{ certificate }} ...@@ -37,7 +37,9 @@ SSLCertificateFile {{ certificate }}
SSLCertificateKeyFile {{ key }} SSLCertificateKeyFile {{ key }}
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol ALL -SSLv2 SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
{% endif -%} {% endif -%}
<Directory /> <Directory />
......
...@@ -91,7 +91,7 @@ extra-context = ...@@ -91,7 +91,7 @@ extra-context =
[template-apache-conf] [template-apache-conf]
< = download-base < = download-base
filename = apache.conf.in filename = apache.conf.in
md5sum = 6fcf417f6b9651b1ed442f00c094f50c md5sum = d64cafda1139b740a49a9f5e30a1b57b
[template-re6st-registry-conf] [template-re6st-registry-conf]
< = download-base < = download-base
......
...@@ -36,10 +36,12 @@ SSLCertificateFile {{ parameter_dict['cert'] }} ...@@ -36,10 +36,12 @@ SSLCertificateFile {{ parameter_dict['cert'] }}
SSLCertificateKeyFile {{ parameter_dict['key'] }} SSLCertificateKeyFile {{ parameter_dict['key'] }}
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol All -SSLv2 SSLProtocol all -SSLv2 -SSLv3
#SSLHonorCipherOrder on SSLHonorCipherOrder on
{% if parameter_dict['cipher'] -%} {% if parameter_dict['cipher'] -%}
SSLCipherSuite {{ parameter_dict['cipher'] }} SSLCipherSuite {{ parameter_dict['cipher'] }}
{% else %}
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
{%- endif %} {%- endif %}
SSLSessionCache shmcb:{{ parameter_dict['ssl-session-cache'] }}(512000) SSLSessionCache shmcb:{{ parameter_dict['ssl-session-cache'] }}(512000)
SSLProxyEngine On SSLProxyEngine On
......
...@@ -74,7 +74,7 @@ md5sum = 02c258e51ff4619efe258bbf24b9ceed ...@@ -74,7 +74,7 @@ md5sum = 02c258e51ff4619efe258bbf24b9ceed
[template-apache-conf] [template-apache-conf]
< = download-base-part < = download-base-part
filename = apache.conf.in filename = apache.conf.in
md5sum = 77c9e3cd1e95279761310cd0eeda78b3 md5sum = 6a9426138d46ba5de75a86199be4f8d1
[template-create-erp5-site-real] [template-create-erp5-site-real]
< = download-base-part < = download-base-part
......
...@@ -106,7 +106,7 @@ mode = 0644 ...@@ -106,7 +106,7 @@ mode = 0644
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/nginx_conf.in url = ${:_profile_base_location_}/nginx_conf.in
download-only = true download-only = true
md5sum = 5bbe62827d232b3bbac3d5eb03e2d648 md5sum = 2ccfb122a6e8e4cce0d98e9db28be749
filename = nginx_conf.in filename = nginx_conf.in
mode = 0644 mode = 0644
...@@ -114,7 +114,7 @@ mode = 0644 ...@@ -114,7 +114,7 @@ mode = 0644
recipe = hexagonit.recipe.download recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/httpd_conf.in url = ${:_profile_base_location_}/httpd_conf.in
download-only = true download-only = true
md5sum = 21009dac6e9868bed61a669632103830 md5sum = 505edf5a6a39edf0238bd42934503f1b
filename = httpd_conf.in filename = httpd_conf.in
mode = 0644 mode = 0644
......
...@@ -44,9 +44,9 @@ SSLRandomSeed startup builtin ...@@ -44,9 +44,9 @@ SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256 SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1 SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLHonorCipherOrder on
SSLEngine On SSLEngine On
Include {{ parameters.httpd_cors_file }} Include {{ parameters.httpd_cors_file }}
......
...@@ -24,8 +24,9 @@ http { ...@@ -24,8 +24,9 @@ http {
server_name _; server_name _;
ssl_certificate {{ param_nginx_frontend['ssl-certificate'] }}; ssl_certificate {{ param_nginx_frontend['ssl-certificate'] }};
ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }}; ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }};
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
ssl_prefer_server_ciphers on;
keepalive_timeout 90s; keepalive_timeout 90s;
client_body_temp_path {{ param_tempdir['client_body_temp_path'] }}; client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
proxy_temp_path {{ param_tempdir['proxy_temp_path'] }}; proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
......
...@@ -36,10 +36,12 @@ SSLCertificateFile {{ parameter_dict['cert'] }} ...@@ -36,10 +36,12 @@ SSLCertificateFile {{ parameter_dict['cert'] }}
SSLCertificateKeyFile {{ parameter_dict['key'] }} SSLCertificateKeyFile {{ parameter_dict['key'] }}
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol All -SSLv2 SSLProtocol all -SSLv2 -SSLv3
#SSLHonorCipherOrder on SSLHonorCipherOrder on
{% if parameter_dict['cipher'] -%} {% if parameter_dict['cipher'] -%}
SSLCipherSuite {{ parameter_dict['cipher'] }} SSLCipherSuite {{ parameter_dict['cipher'] }}
{% else %}
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
{%- endif %} {%- endif %}
SSLSessionCache shmcb:{{ parameter_dict['ssl-session-cache'] }}(512000) SSLSessionCache shmcb:{{ parameter_dict['ssl-session-cache'] }}(512000)
SSLProxyEngine On SSLProxyEngine On
......
...@@ -370,7 +370,7 @@ md5sum = ec9321514674c084e509ca070763b4a1 ...@@ -370,7 +370,7 @@ md5sum = ec9321514674c084e509ca070763b4a1
[template-apache-conf] [template-apache-conf]
<= download-base <= download-base
filename = apache.conf.in filename = apache.conf.in
md5sum = 713b22938d7212c8506449bc0508452b md5sum = cbe53c1879db9601a521e3ce1d546116
[template-haproxy-cfg] [template-haproxy-cfg]
<= download-base <= download-base
......
...@@ -60,7 +60,7 @@ eggs = ...@@ -60,7 +60,7 @@ eggs =
# Monitor templates files # Monitor templates files
[monitor-httpd-conf] [monitor-httpd-conf]
<= monitor-template-base <= monitor-template-base
md5sum = 08137be9b80e0e13d9a906c264a2f51f md5sum = e023ede69a0bfb59165c75b1c16719f7
filename = monitor-httpd.conf.in filename = monitor-httpd.conf.in
[monitor-service-conf-template] [monitor-service-conf-template]
......
...@@ -45,9 +45,9 @@ SSLRandomSeed startup builtin ...@@ -45,9 +45,9 @@ SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256 SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1 SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLHonorCipherOrder on
</IfDefine> </IfDefine>
AddType application/hal+json .haljson AddType application/hal+json .haljson
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment