From: Silvio Rhatto <rhatto@riseup.net>
Date: Tue, 16 Jul 2013 18:21:39 +0000 (-0300)
Subject: Enhancing SSL config
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=c28aff37223e5a9692dc48fc6751af201d77a3a3;p=puppet-apache.git

Enhancing SSL config
---

diff --git a/templates/site.erb b/templates/site.erb
index 9e5763f..f2443f9 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -62,9 +62,10 @@
 <% end %>
    # SSL Configuration
    SSLEngine on
-   SSLProtocol -all +SSLv3 +TLSv1
-   SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+   SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+   SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    SSLHonorCipherOrder on
+   SSLCompression off
    SSLCertificateFile    /etc/ssl/certs/<%= title %>.crt
    SSLCertificateKeyFile /etc/ssl/private/<%= title %>.pem
 </VirtualHost>