From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 8 Mar 2014 01:34:31 +0000 (-0300)
Subject: Trying a better ciphersuite for passenger
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=eb1c01c99f9fe18b4702db2c3f8dc2e9ca615840;p=puppet-puppet.git

Trying a better ciphersuite for passenger
---

diff --git a/templates/passenger.erb b/templates/passenger.erb
index b58b4c8..364eca1 100644
--- a/templates/passenger.erb
+++ b/templates/passenger.erb
@@ -11,8 +11,8 @@ Listen <%= listen %>
 
 <VirtualHost *:<%= listen %>>
         SSLEngine on
-        SSLProtocol -ALL +SSLv3 +TLSv1
-        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+        SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
+        SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
 
         SSLCertificateFile      /var/lib/puppetmaster/ssl/certs/<%= certname %>.pem
         SSLCertificateKeyFile   /var/lib/puppetmaster/ssl/private_keys/<%= certname %>.pem