From 4025a327bf90f7c2fdbbb107b4ae19da4fe2fc3e Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 21 Nov 2014 04:02:51 +0000 Subject: [PATCH] Revert "Enable RSA_WITH_AES_256_CBC_SHA256 for bfo" This reverts commit c4e72c37cedb2fd14e948f7a82d5ac14c12dc292. --- roles/download/files/httpd/dl.fedoraproject.org.conf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/download/files/httpd/dl.fedoraproject.org.conf b/roles/download/files/httpd/dl.fedoraproject.org.conf index 1129149ccb..7be586cb1c 100644 --- a/roles/download/files/httpd/dl.fedoraproject.org.conf +++ b/roles/download/files/httpd/dl.fedoraproject.org.conf @@ -23,10 +23,9 @@ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14 # If you change the protocols or cipher suites, you should probably update # modules/squid/files/squid.conf-el6 too, to keep it in sync. - # RSA_WITH_AES_256_CBC_SHA256 is supported for boot.fedoraproject.org (iPXE doesn't support DHE_ or ECDHE_) SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 - SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:RSA_WITH_AES_256_CBC_SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK Include "conf.d/dl.fedoraproject.org/*.conf"