From c28aff37223e5a9692dc48fc6751af201d77a3a3 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Tue, 16 Jul 2013 15:21:39 -0300
Subject: Enhancing SSL config

---
 templates/site.erb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'templates')

diff --git a/templates/site.erb b/templates/site.erb
index 9e5763f..f2443f9 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -62,9 +62,10 @@
 <% end %>
    # SSL Configuration
    SSLEngine on
-   SSLProtocol -all +SSLv3 +TLSv1
-   SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+   SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+   SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    SSLHonorCipherOrder on
+   SSLCompression off
    SSLCertificateFile    /etc/ssl/certs/<%= title %>.crt
    SSLCertificateKeyFile /etc/ssl/private/<%= title %>.pem
 </VirtualHost>
-- 
cgit v1.2.3