From 58893f4c0b3afdcce752d5d87219f5c161126744 Mon Sep 17 00:00:00 2001
From: David Cook <dcook@prosentient.com.au>
Date: Mon, 3 Jul 2023 23:52:53 +0000
Subject: [PATCH] Bug 34193: SSLProtocol enable in use versions and disable
 deprecated versions

This patch changes the default SSLProtocol for the Let's Encrypt
HTTPS template, so that it enables in use versions of TLS while
disabling the deprecated versions of TLS.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
---
 debian/templates/apache-site-https.conf.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/templates/apache-site-https.conf.in b/debian/templates/apache-site-https.conf.in
index 196a415b8e..98fb506398 100644
--- a/debian/templates/apache-site-https.conf.in
+++ b/debian/templates/apache-site-https.conf.in
@@ -12,7 +12,7 @@
 # OPAC
 <VirtualHost *:80> #https
 #  SSLEngine on
-#  SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
+#  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
 #  SSLCompression off
 #  SSLHonorCipherOrder on
 #  SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-SA-
@@ -39,7 +39,7 @@
 # Intranet
 <VirtualHost *:80> #https
 #  SSLEngine on
-#  SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
+#  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
 #  SSLCompression off
 #  SSLHonorCipherOrder on
 #  SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES
-- 
2.39.5