From 69776cc42fdf9f77307e4ff7c58d5a5360991dd4 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 26 Feb 2014 15:01:29 +0100 Subject: [PATCH 1/1] apache: Update cipher suite that is used for the web user interface. Taken from here with exception of RC4. https://wiki.mozilla.org/Security/Server_Side_TLS#Apache --- config/httpd/vhosts.d/ipfire-interface-ssl.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index cc3cb1d90..dc6bb21ed 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -9,7 +9,8 @@ TransferLog /var/log/httpd/access_log SSLEngine on SSLProtocol all -SSLv2 - SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK + SSLHonorCipherOrder on SSLCertificateFile /etc/httpd/server.crt SSLCertificateKeyFile /etc/httpd/server.key -- 2.39.2