From eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Fri, 7 Mar 2014 22:34:31 -0300
Subject: Trying a better ciphersuite for passenger

---
 templates/passenger.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/passenger.erb b/templates/passenger.erb
index b58b4c8..364eca1 100644
--- a/templates/passenger.erb
+++ b/templates/passenger.erb
@@ -11,8 +11,8 @@ Listen <%= listen %>
 
 <VirtualHost *:<%= listen %>>
         SSLEngine on
-        SSLProtocol -ALL +SSLv3 +TLSv1
-        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+        SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+        SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
 
         SSLCertificateFile      /var/lib/puppetmaster/ssl/certs/<%= certname %>.pem
         SSLCertificateKeyFile   /var/lib/puppetmaster/ssl/private_keys/<%= certname %>.pem
-- 
cgit v1.2.3