From 63b515dc260f2da9bd413fea254d2e5b634c793a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 28 Feb 2018 11:55:35 +0000 Subject: [PATCH] apache: Require TLSv1.2 for access to the web user interface This will work fine for FF 27 or newer, Chrome 30 or newer, IE 11 on Windows 7 or newer, Opera 17 or newer, Safari 9 or newer, Android 5.0 or newer and Java 8 or newer Since IPFire is not supposed to host any other applications and all have been removed in the last few Core Updates, only the web user interface is served over HTTPS here. We clearly prefer security over compatibility. Signed-off-by: Michael Tremer --- config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index e51eb266c8..63e77021b6 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -10,7 +10,7 @@ TransferLog /var/log/httpd/access_log SSLEngine on - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLCompression off -- 2.39.5