Disable SSLv3 on all copr instances

2015-01-14 17:23:28 +00:00 · 2015-01-14 17:23:28 +00:00 · 6034ba638f
commit 6034ba638f
parent cda4eb70a7
2 changed files with 3 additions and 1 deletions
--- a/roles/copr/backend/files/lighttpd/lighttpd.conf
+++ b/roles/copr/backend/files/lighttpd/lighttpd.conf
@ -451,5 +451,7 @@ $SERVER["socket"] == ":443" {
  ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem"
  ssl.ca-file = "/etc/lighttpd/DigiCertCA.crt"
  ssl.disable-client-renegotiation = "enable"
+  ssl.use-sslv2 = "disable"
+  ssl.use-sslv3 = "disable"
  ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 }
--- a/roles/copr/frontend/files/httpd/coprs_ssl.conf
+++ b/roles/copr/frontend/files/httpd/coprs_ssl.conf
@ -1,6 +1,6 @@
 <VirtualHost *:443>
    SSLEngine on
-    SSLProtocol all -SSLv2
+    SSLProtocol all -SSLv2 -SSLv3
    # Use secure TLSv1.1 and TLSv1.2 ciphers
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on