Bug 34193: SSLProtocol enable in use versions and disable deprecated versions
This patch changes the default SSLProtocol for the Let's Encrypt
HTTPS template, so that it enables in use versions of TLS while
disabling the deprecated versions of TLS.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 58893f4c0b
)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This commit is contained in:
parent
7651c42b6d
commit
79be336eee
1 changed files with 2 additions and 2 deletions
4
debian/templates/apache-site-https.conf.in
vendored
4
debian/templates/apache-site-https.conf.in
vendored
|
@ -12,7 +12,7 @@
|
|||
# OPAC
|
||||
<VirtualHost *:80> #https
|
||||
# SSLEngine on
|
||||
# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
|
||||
# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
# SSLCompression off
|
||||
# SSLHonorCipherOrder on
|
||||
# SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-SA-
|
||||
|
@ -39,7 +39,7 @@
|
|||
# Intranet
|
||||
<VirtualHost *:80> #https
|
||||
# SSLEngine on
|
||||
# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
|
||||
# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
# SSLCompression off
|
||||
# SSLHonorCipherOrder on
|
||||
# SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES
|
||||
|
|
Loading…
Reference in a new issue