Enable RSA_WITH_AES_256_CBC_SHA256 for bfo

2014-11-20 21:12:21 +00:00 · 2014-11-20 21:12:21 +00:00 · c4e72c37ce
commit c4e72c37ce
parent 64be6801f6
1 changed files with 2 additions and 1 deletions
--- a/roles/download/files/httpd/dl.fedoraproject.org.conf
+++ b/roles/download/files/httpd/dl.fedoraproject.org.conf
@ -23,9 +23,10 @@
  # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
  # If you change the protocols or cipher suites, you should probably update
  # modules/squid/files/squid.conf-el6 too, to keep it in sync.
  # RSA_WITH_AES_256_CBC_SHA256 is supported for boot.fedoraproject.org (iPXE doesn't support DHE_ or ECDHE_)
   SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
-   SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+   SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:RSA_WITH_AES_256_CBC_SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
  Include "conf.d/dl.fedoraproject.org/*.conf"
 </VirtualHost>