]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commitdiff
projects / people / pmueller / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 464426d)
apache: Require TLSv1.2 for access to the web user interface
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 28 Feb 2018 11:55:35 +0000 (11:55 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 28 Feb 2018 11:55:35 +0000 (11:55 +0000)
This will work fine for FF 27 or newer, Chrome 30 or newer,
IE 11 on Windows 7 or newer, Opera 17 or newer, Safari 9 or
newer, Android 5.0 or newer and Java 8 or newer

Since IPFire is not supposed to host any other applications and
all have been removed in the last few Core Updates, only the web
user interface is served over HTTPS here. We clearly prefer
security over compatibility.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/httpd/vhosts.d/ipfire-interface-ssl.conf patch | blob | blame | history

diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index e51eb266c89b1ff52e6ccecf0f280bb4eb640b76..63e77021b6945aabb2d9816de4261fb6a34a76e9 100644 (file)
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -10,7 +10,7 @@
     TransferLog /var/log/httpd/access_log
 
     SSLEngine on
-    SSLProtocol all -SSLv2 -SSLv3
+    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
     SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
     SSLHonorCipherOrder on
     SSLCompression off
Peter's tree of IPFire 2.x