From 6034ba638f2e2266e7028a00b844aa0004ce2e52 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Wed, 14 Jan 2015 17:23:28 +0000
Subject: [PATCH] Disable SSLv3 on all copr instances
---
 roles/copr/backend/files/lighttpd/lighttpd.conf | 2 ++
 roles/copr/frontend/files/httpd/coprs_ssl.conf | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/copr/backend/files/lighttpd/lighttpd.conf b/roles/copr/backend/files/lighttpd/lighttpd.conf
index 177d3d08a4..f316972703 100644
--- a/roles/copr/backend/files/lighttpd/lighttpd.conf
+++ b/roles/copr/backend/files/lighttpd/lighttpd.conf
@@ -451,5 +451,7 @@ $SERVER["socket"] == ":443" {
 ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem"
 ssl.ca-file = "/etc/lighttpd/DigiCertCA.crt"
 ssl.disable-client-renegotiation = "enable"
+ ssl.use-sslv2 = "disable"
+ ssl.use-sslv3 = "disable"
 ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 }
diff --git a/roles/copr/frontend/files/httpd/coprs_ssl.conf b/roles/copr/frontend/files/httpd/coprs_ssl.conf
index aa713559b1..26040bbb4c 100644
--- a/roles/copr/frontend/files/httpd/coprs_ssl.conf
+++ b/roles/copr/frontend/files/httpd/coprs_ssl.conf
@@ -1,6 +1,6 @@
 SSLEngine on
- SSLProtocol all -SSLv2
+ SSLProtocol all -SSLv2 -SSLv3
 # Use secure TLSv1.1 and TLSv1.2 ciphers
 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
 SSLHonorCipherOrder on
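Review bot: The `ssl.cipher-list` line directly below the two added directives in roles/copr/backend/files/lighttpd/lighttpd.conf still offers `RC4-SHA` and `RC4`, so with SSLv3 turned off the backend can still negotiate RC4 over TLS; the `SSLCipherSuite` line in roles/copr/frontend/files/httpd/coprs_ssl.conf keeps `RC4-SHA` in the same way. If no client of these hosts depends on RC4 (not visible from the patch), drop it here with `ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!AESGCM"` and add `!RC4` to the frontend list. The added lines sit inside a single socket block, so any other TLS socket block in this file would presumably need the same two `ssl.use-sslv*` lines. The `$SERVER["socket"] == ":443"` block opens above the hunk and only its tail is shown.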
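Review bot: The comment `# Use secure TLSv1.1 and TLSv1.2 ciphers` in roles/copr/frontend/files/httpd/coprs_ssl.conf does not match the lines around it, because `SSLProtocol all -SSLv2 -SSLv3` still leaves TLSv1.0 enabled and the suite list below it is not limited to TLSv1.1/1.2 ciphers. Reword it to state what the configuration does, for example `# SSLv2 and SSLv3 are disabled; TLSv1.0 and later remain enabled`. A short why-comment on the `SSLProtocol` line would also help keep the exclusion from being reverted in a later edit. The file continues past the hunk, so later directives are not covered here.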