summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2014-03-07 22:34:31 -0300
committerSilvio Rhatto <rhatto@riseup.net>2014-03-07 22:34:31 -0300
commiteb1c01c99f9fe18b4702db2c3f8dc2e9ca615840 (patch)
tree92501a5f7c837452b4bd0a2ae42371e51f0c356b /templates
parent8118ad3c0c39c65a97530ca6c5dda4da590d5aa1 (diff)
downloadpuppet-puppet-eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840.tar.gz
puppet-puppet-eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840.tar.bz2
Trying a better ciphersuite for passenger
Diffstat (limited to 'templates')
-rw-r--r--templates/passenger.erb4
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/passenger.erb b/templates/passenger.erb
index b58b4c8..364eca1 100644
--- a/templates/passenger.erb
+++ b/templates/passenger.erb
@@ -11,8 +11,8 @@ Listen <%= listen %>
<VirtualHost *:<%= listen %>>
SSLEngine on
- SSLProtocol -ALL +SSLv3 +TLSv1
- SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+ SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+ SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
SSLCertificateFile /var/lib/puppetmaster/ssl/certs/<%= certname %>.pem
SSLCertificateKeyFile /var/lib/puppetmaster/ssl/private_keys/<%= certname %>.pem