Browse Source

Merge pull request #316 from patrickod/patrickod/remove-ssl-v3

Configure all Apache vhosts to disable SSLv3
Luke Cyca 10 years ago
parent
commit
5f6160f914

+ 1
- 1
roles/blog/templates/etc_apache2_sites-available_blog.j2 View File

@@ -11,7 +11,7 @@
11 11
     ServerAlias www.{{ domain }}
12 12
 
13 13
     SSLEngine on
14
-    SSLProtocol ALL -SSLv2
14
+    SSLProtocol ALL -SSLv2 -SSLv3
15 15
     SSLHonorCipherOrder On
16 16
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
17 17
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt

+ 1
- 1
roles/git/templates/etc_apache2_sites-available_cgit.j2 View File

@@ -8,7 +8,7 @@
8 8
     ServerName {{ cgit_domain }}
9 9
 
10 10
     SSLEngine on
11
-    SSLProtocol ALL -SSLv2
11
+    SSLProtocol ALL -SSLv2 -SSLv3
12 12
     SSLHonorCipherOrder On
13 13
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
14 14
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt

+ 1
- 1
roles/mailserver/templates/etc_apache2_sites-available_autoconfig.j2 View File

@@ -19,7 +19,7 @@
19 19
     ServerName {{ mail_server_autoconfig_hostname }}
20 20
 
21 21
     SSLEngine on
22
-    SSLProtocol ALL -SSLv2
22
+    SSLProtocol ALL -SSLv2 -SSLv3
23 23
     SSLHonorCipherOrder On
24 24
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
25 25
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt

+ 1
- 1
roles/newebe/templates/etc_apache2_sites-available_newebe.j2 View File

@@ -9,7 +9,7 @@
9 9
     ServerName {{ newebe_domain }}
10 10
     SSLEngine On
11 11
 
12
-    SSLProtocol ALL -SSLv2
12
+    SSLProtocol ALL -SSLv2 -SSLv3
13 13
     SSLHonorCipherOrder On
14 14
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
15 15
     SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt

+ 1
- 1
roles/news/templates/etc_apache2_sites-available_selfoss.j2 View File

@@ -8,7 +8,7 @@
8 8
     ServerName {{ selfoss_domain }}
9 9
 
10 10
     SSLEngine on
11
-    SSLProtocol ALL -SSLv2
11
+    SSLProtocol ALL -SSLv2 -SSLv3
12 12
     SSLHonorCipherOrder On
13 13
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
14 14
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt

+ 1
- 1
roles/owncloud/templates/etc_apache2_sites-available_owncloud.j2 View File

@@ -8,7 +8,7 @@
8 8
     ServerName {{ owncloud_domain }}
9 9
 
10 10
     SSLEngine on
11
-    SSLProtocol ALL -SSLv2
11
+    SSLProtocol ALL -SSLv2 -SSLv3
12 12
     SSLHonorCipherOrder On
13 13
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
14 14
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt

+ 1
- 1
roles/readlater/templates/etc_apache2_sites-available_wallabag.j2 View File

@@ -8,7 +8,7 @@
8 8
     ServerName {{ wallabag_domain }}
9 9
 
10 10
     SSLEngine on
11
-    SSLProtocol ALL -SSLv2
11
+    SSLProtocol ALL -SSLv2 -SSLv3
12 12
     SSLHonorCipherOrder On
13 13
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
14 14
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt

+ 1
- 1
roles/webmail/templates/etc_apache2_sites-available_roundcube.j2 View File

@@ -8,7 +8,7 @@
8 8
     ServerName {{ webmail_domain }}
9 9
 
10 10
     SSLEngine on
11
-    SSLProtocol ALL -SSLv2
11
+    SSLProtocol ALL -SSLv2 -SSLv3
12 12
     SSLHonorCipherOrder On
13 13
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
14 14
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt

Loading…
Cancel
Save