Revision 9270
Added by ben leinfelder about 9 years ago
| metacat-site-ssl | ||
|---|---|---|
| 62 | 62 |
SSLVerifyDepth 10 |
| 63 | 63 |
</Location> |
| 64 | 64 |
|
| 65 |
# disable SSL v2 and v3 |
|
| 66 |
# intermediate configuration from https://mozilla.github.io/server-side-tls/ssl-config-generator/ |
|
| 67 |
SSLProtocol all -SSLv2 -SSLv3 |
|
| 68 |
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA |
|
| 69 |
SSLHonorCipherOrder on |
|
| 70 |
|
|
| 65 | 71 |
</VirtualHost> |
| 66 | 72 |
</IfModule> |
| 67 | 73 |
|
Also available in: Unified diff
For sample Apache config, disable SSLv2 and SSLv3 in favor of TLS. https://projects.ecoinformatics.org/ecoinfo/issues/6827