summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2013-07-16 15:21:39 -0300
committerSilvio Rhatto <rhatto@riseup.net>2013-07-16 15:21:39 -0300
commitc28aff37223e5a9692dc48fc6751af201d77a3a3 (patch)
treeb541c2a6350b8047f7fd7a0c0863767b4b16e741 /templates
parent8f41b04563c28f4db3baa9efa55156ed1edb74cd (diff)
downloadpuppet-apache-c28aff37223e5a9692dc48fc6751af201d77a3a3.tar.gz
puppet-apache-c28aff37223e5a9692dc48fc6751af201d77a3a3.tar.bz2
Enhancing SSL config
Diffstat (limited to 'templates')
-rw-r--r--templates/site.erb5
1 files changed, 3 insertions, 2 deletions
diff --git a/templates/site.erb b/templates/site.erb
index 9e5763f..f2443f9 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -62,9 +62,10 @@
<% end %>
# SSL Configuration
SSLEngine on
- SSLProtocol -all +SSLv3 +TLSv1
- SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+ SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+ SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLHonorCipherOrder on
+ SSLCompression off
SSLCertificateFile /etc/ssl/certs/<%= title %>.crt
SSLCertificateKeyFile /etc/ssl/private/<%= title %>.pem
</VirtualHost>