Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 34193: SSLProtocol enable in use versions and disable deprecated versions

Browse source 
This patch changes the default SSLProtocol for the Let's Encrypt
HTTPS template, so that it enables in use versions of TLS while
disabling the deprecated versions of TLS.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 58893f4c0b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This commit is contained in:
David Cook 2023-07-03 23:52:53 +00:00 committed by Fridolin Somers
parent 7651c42b6d
commit 79be336eee
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
debian/templates/apache-site-https.conf.in vendored
View file

@ -12,7 +12,7 @@
# OPAC
<VirtualHost *:80> #https
# SSLEngine on
# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# SSLCompression off
# SSLHonorCipherOrder on
# SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-SA-
@ -39,7 +39,7 @@
# Intranet
<VirtualHost *:80> #https
# SSLEngine on
# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# SSLCompression off
# SSLHonorCipherOrder on
# SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES