Enhancing SSL config

author Silvio Rhatto <rhatto@riseup.net>

Tue, 16 Jul 2013 18:21:39 +0000 (15:21 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Tue, 16 Jul 2013 18:21:39 +0000 (15:21 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Tue, 16 Jul 2013 18:21:39 +0000 (15:21 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Tue, 16 Jul 2013 18:21:39 +0000 (15:21 -0300)
diff --git a/templates/site.erb b/templates/site.erb

index 9e5763f8166abdbb84bbd7acdcddad3966fecd7a..f2443f9588cbc883565886b805444b8231487490 100644 (file)
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -62,9 +62,10 @@
  <% end %>
     # SSL Configuration
     SSLEngine on
-   SSLProtocol -all +SSLv3 +TLSv1
-   SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+   SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+   SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
     SSLHonorCipherOrder on
+   SSLCompression off
     SSLCertificateFile    /etc/ssl/certs/<%= title %>.crt
     SSLCertificateKeyFile /etc/ssl/private/<%= title %>.pem
  </VirtualHost>
author	Silvio Rhatto <rhatto@riseup.net>
	Tue, 16 Jul 2013 18:21:39 +0000 (15:21 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Tue, 16 Jul 2013 18:21:39 +0000 (15:21 -0300)