Trying a better ciphersuite for passenger

author Silvio Rhatto <rhatto@riseup.net>

Sat, 8 Mar 2014 01:34:31 +0000 (22:34 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Sat, 8 Mar 2014 01:34:31 +0000 (22:34 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Sat, 8 Mar 2014 01:34:31 +0000 (22:34 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Sat, 8 Mar 2014 01:34:31 +0000 (22:34 -0300)
diff --git a/templates/passenger.erb b/templates/passenger.erb

index b58b4c8b68acd28ebc86f14e5acb0946661c49d1..364eca1aabb4712faa560f0f36102de0b2e8a044 100644 (file)
--- a/templates/passenger.erb
+++ b/templates/passenger.erb
@@ -11,8 +11,8 @@ Listen <%= listen %>
  
  <VirtualHost *:<%= listen %>>
          SSLEngine on
-        SSLProtocol -ALL +SSLv3 +TLSv1
-        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+        SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+        SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
  
          SSLCertificateFile      /var/lib/puppetmaster/ssl/certs/<%= certname %>.pem
          SSLCertificateKeyFile   /var/lib/puppetmaster/ssl/private_keys/<%= certname %>.pem
author	Silvio Rhatto <rhatto@riseup.net>
	Sat, 8 Mar 2014 01:34:31 +0000 (22:34 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Sat, 8 Mar 2014 01:34:31 +0000 (22:34 -0300)