Disabling SSLv3

author Silvio Rhatto <rhatto@riseup.net>

Thu, 23 Oct 2014 18:25:59 +0000 (16:25 -0200)

committer Silvio Rhatto <rhatto@riseup.net>

Thu, 23 Oct 2014 18:25:59 +0000 (16:25 -0200)
author Silvio Rhatto <rhatto@riseup.net>
Thu, 23 Oct 2014 18:25:59 +0000 (16:25 -0200)
committer Silvio Rhatto <rhatto@riseup.net>
Thu, 23 Oct 2014 18:25:59 +0000 (16:25 -0200)
diff --git a/templates/passenger.erb b/templates/passenger.erb

index 364eca1aabb4712faa560f0f36102de0b2e8a044..9bda8df6b3adea8cd9376b3cdb4902e7753fc675 100644 (file)
--- a/templates/passenger.erb
+++ b/templates/passenger.erb
@@ -11,7 +11,7 @@ Listen <%= listen %>
  
  <VirtualHost *:<%= listen %>>
          SSLEngine on
-        SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+        SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
          SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
  
          SSLCertificateFile      /var/lib/puppetmaster/ssl/certs/<%= certname %>.pem
author	Silvio Rhatto <rhatto@riseup.net>
	Thu, 23 Oct 2014 18:25:59 +0000 (16:25 -0200)
committer	Silvio Rhatto <rhatto@riseup.net>
	Thu, 23 Oct 2014 18:25:59 +0000 (16:25 -0200)