From 58893f4c0b3afdcce752d5d87219f5c161126744 Mon Sep 17 00:00:00 2001
From: David Cook
Date: Mon, 3 Jul 2023 23:52:53 +0000
Subject: [PATCH] Bug 34193: SSLProtocol enable in use versions and disable deprecated versions

This patch changes the default SSLProtocol for the Let's Encrypt HTTPS template, so that it enables in use versions of TLS while disabling the deprecated versions of TLS.

Signed-off-by: Martin Renvoize
Signed-off-by: Tomas Cohen Arazi
---
 debian/templates/apache-site-https.conf.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/templates/apache-site-https.conf.in b/debian/templates/apache-site-https.conf.in
index 196a415b8e..98fb506398 100644
--- a/debian/templates/apache-site-https.conf.in
+++ b/debian/templates/apache-site-https.conf.in
@@ -12,7 +12,7 @@
 # OPAC
 #https
 # SSLEngine on
-# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
+# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
 # SSLCompression off
 # SSLHonorCipherOrder on
 # SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-SA-
@@ -39,7 +39,7 @@
 # Intranet
 #https
 # SSLEngine on
-# SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
+# SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
 # SSLCompression off
 # SSLHonorCipherOrder on
 # SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES
--
2.39.5
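Review bot: The new `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` line in the OPAC hunk (and the identical line in the Intranet hunk) is a deny-list, so the protocols actually offered depend on what `all` expands to for the installed Apache/OpenSSL build, and nothing in the template records the intended result. I would add a comment above each directive, e.g. `# Effective protocols: TLSv1.2 and, where OpenSSL supports it, TLSv1.3`, so an admin auditing the vhost can compare the intent against a scan of the live listener. Because only the template changes, sites already generated from it presumably keep the old `+TLSv1.2 +TLSv1.1 +TLSv1` line until their config is edited, which seems worth a release note. The unchanged `SSLCipherSuite` context line governs TLSv1.2 and below only, so any TLSv1.3 suites that this change enables are left at the OpenSSL defaults unless a separate `SSLCipherSuite TLSv1.3 ...` line is added.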