From 499ab100c9695cc8ba6314e60b771e4d5342baea Mon Sep 17 00:00:00 2001
From: Nick Bebout
Date: Tue, 21 Oct 2014 00:07:37 +0000
Subject: [PATCH] Finish SSL changes for sks
---
 roles/keyserver/files/sks.conf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/keyserver/files/sks.conf b/roles/keyserver/files/sks.conf
index 3e83e4dbd5..bc359b3814 100644
--- a/roles/keyserver/files/sks.conf
+++ b/roles/keyserver/files/sks.conf
@@ -48,13 +48,15 @@ NameVirtualHost *:443
 ServerAdmin sysadmin-keys-members@fedoraproject.org
 ServerName keys.fedoraproject.org
- ServerAlias keys01.fedoraproject.org
+ ServerAlias keys02.fedoraproject.org
 SSLEngine on
 SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
 SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
 SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key
 SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+
 ProxyPass / http://localhost:11371/
 ProxyPassReverse / http://localhost:11371/
 SetEnv proxy-nokeepalive 1
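Review bot: The added `SSLCipherSuite` line puts the ECDHE and GCM suites first, but nothing in this hunk makes the server enforce that order. mod_ssl follows the client's preference unless `SSLHonorCipherOrder on` is set, so a client that lists a CBC or plain-DHE suite first will still negotiate it. If the directive is not already set at server scope (not visible here), add `SSLHonorCipherOrder on` beside the cipher list in this vhost and beside the identical addition in the second hunk (`@@ -70,6 +72,8`). The same long string is now pasted into both vhosts; declaring it once at server scope, which the vhosts inherit, would keep the two copies from drifting apart. The vhost block itself starts and ends outside the hunk.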
@@ -70,6 +72,8 @@ NameVirtualHost *:443
 SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
 SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
 SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+
 ProxyPass / http://localhost:11371/
 ProxyPassReverse / http://localhost:11371/
 SetEnv proxy-nokeepalive 1
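Review bot: The new `SSLCipherSuite` string has no comment recording where the list came from or when it was chosen, and the commit message ("Finish SSL changes for sks") does not say either. A reader auditing this vhost later cannot tell which entries are deliberate and which are leftovers from a template. I would add a comment line directly above the directive, for example `# TLS cipher list chosen 2014-10; source: <reference>; keep identical to the other :443 vhost in this file`, with the placeholder replaced by the actual policy or document it was taken from. The enclosing vhost block begins and ends outside the hunk.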