From b1d3cf582e1897b3a192790f43cfc25185673899 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Mon, 23 Sep 2019 17:59:01 +0000
Subject: [PATCH] pagure: Disable SSLv2, SSLv3, TLS1.0 and leave TLS1.1 and 1.2 enabled. (ticket 8231)

Signed-off-by: Kevin Fenzi
---
 roles/pagure/frontend/templates/stunnel-conf.j2 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/pagure/frontend/templates/stunnel-conf.j2 b/roles/pagure/frontend/templates/stunnel-conf.j2
index 1649b485bd..3f97e5bc86 100644
--- a/roles/pagure/frontend/templates/stunnel-conf.j2
+++ b/roles/pagure/frontend/templates/stunnel-conf.j2
@@ -8,6 +8,9 @@ key = /etc/pki/tls/certs/pagure.io.key
 pid = /var/run/stunnel.pid
 [{{ stunnel_service }}]
-
+sslVersion = all
+options = NO_SSLv2
+options = NO_SSLv3
+options = NO_TLSv1
 accept = {{ stunnel_source_port }}
 connect = {{ stunnel_destination_port }}
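Review bot: TLS 1.1 is still negotiable after the added `options` lines in the `[{{ stunnel_service }}]` section, and it shares TLS 1.0's reliance on MD5/SHA-1 in the handshake and has no AEAD cipher suites. If every client of this tunnel speaks TLS 1.2, add `options = NO_TLSv1_1` next to `options = NO_TLSv1`; on a stunnel built against OpenSSL 1.1.0 or later, `sslVersionMin = TLSv1.2` sets the same floor in one line (which form applies depends on the deployed stunnel version, which is not visible here). A short comment above the block, such as `; protocol floor per ticket 8231`, would keep the rationale with the config. A post-deploy handshake test per protocol version would confirm the rendered template enforces what the subject line says.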