Trying a better ciphersuite for passenger

author: Silvio Rhatto <rhatto@riseup.net> 2014-03-07 22:34:31 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2014-03-07 22:34:31 -0300
commit: eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840 (patch)
tree: 92501a5f7c837452b4bd0a2ae42371e51f0c356b
parent: 8118ad3c0c39c65a97530ca6c5dda4da590d5aa1 (diff)
download: puppet-puppet-eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840.tar.gz
puppet-puppet-eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/passenger.erb b/templates/passenger.erb
index b58b4c8..364eca1 100644
--- a/templates/passenger.erb
+++ b/templates/passenger.erb
@@ -11,8 +11,8 @@ Listen <%= listen %>
 
 <VirtualHost *:<%= listen %>>
         SSLEngine on
-        SSLProtocol -ALL +SSLv3 +TLSv1
-        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+        SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+        SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
 
         SSLCertificateFile      /var/lib/puppetmaster/ssl/certs/<%= certname %>.pem
         SSLCertificateKeyFile   /var/lib/puppetmaster/ssl/private_keys/<%= certname %>.pem
author	Silvio Rhatto <rhatto@riseup.net>	2014-03-07 22:34:31 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2014-03-07 22:34:31 -0300
commit	eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840 (patch)
tree	92501a5f7c837452b4bd0a2ae42371e51f0c356b
parent	8118ad3c0c39c65a97530ca6c5dda4da590d5aa1 (diff)
download	puppet-puppet-eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840.tar.gz puppet-puppet-eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840.tar.bz2