From 9ed11360d61b777ed33705e144badde902e8a96e Mon Sep 17 00:00:00 2001 From: David Cook Date: Mon, 3 Jul 2023 23:52:53 +0000 Subject: [PATCH] Bug 34193: SSLProtocol enable in use versions and disable deprecated versions This patch changes the default SSLProtocol for the Let's Encrypt HTTPS template, so that it enables in use versions of TLS while disabling the deprecated versions of TLS. Signed-off-by: Martin Renvoize Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 58893f4c0b3afdcce752d5d87219f5c161126744) Signed-off-by: Fridolin Somers (cherry picked from commit 79be336eeeb48d8227ba613cd5692a34b73fd5b3) Signed-off-by: Pedro Amorim --- debian/templates/apache-site-https.conf.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/templates/apache-site-https.conf.in b/debian/templates/apache-site-https.conf.in index 196a415b8e..98fb506398 100644 --- a/debian/templates/apache-site-https.conf.in +++ b/debian/templates/apache-site-https.conf.in @@ -12,7 +12,7 @@ # OPAC #https # SSLEngine on -# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 +# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # SSLCompression off # SSLHonorCipherOrder on # SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-SA- @@ -39,7 +39,7 @@ # Intranet #https # SSLEngine on -# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 +# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # SSLCompression off # SSLHonorCipherOrder on # SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES -- 2.39.5