Commit 53124ed9 authored by Till Brehm's avatar Till Brehm

Implemented: FS#3706 - disable SSLv3 to protect servers against POODLE attack.

parent 68b1465c
...@@ -63,6 +63,7 @@ NameVirtualHost *:<tmpl_var name="vhost_port"> ...@@ -63,6 +63,7 @@ NameVirtualHost *:<tmpl_var name="vhost_port">
# SSL Configuration # SSL Configuration
<tmpl_var name="ssl_comment">SSLEngine On <tmpl_var name="ssl_comment">SSLEngine On
<tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
<tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
<tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
<tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
......
server { server {
listen {vhost_port}; listen {vhost_port};
ssl {ssl_on}; ssl {ssl_on};
{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
{ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
{ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
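Review bot: The `TLSv1.1` and `TLSv1.2` parameters on the added `{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line are only recognised by newer nginx releases (the nginx documentation names 1.1.13 / 1.0.12) and only take effect with OpenSSL 1.0.1 or later. On an older nginx the unknown value would presumably fail the configuration test and keep the interface vhost from loading. If such distributions are still supported, the installer should pick the protocol list from the detected version, or the template should carry a comment such as `# needs nginx >= 1.0.12; older builds: ssl_protocols TLSv1;`. The same directive is added to the site vhost template in the next nginx section, so the concern applies there as well.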
......
...@@ -6,6 +6,7 @@ server { ...@@ -6,6 +6,7 @@ server {
<tmpl_if name='ssl_enabled'> <tmpl_if name='ssl_enabled'>
listen <tmpl_var name='ip_address'>:443 ssl; listen <tmpl_var name='ip_address'>:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
<tmpl_if name='ipv6_enabled'> <tmpl_if name='ipv6_enabled'>
listen [<tmpl_var name='ipv6_address'>]:443 ssl; listen [<tmpl_var name='ipv6_address'>]:443 ssl;
</tmpl_if> </tmpl_if>
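Review bot: The added `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line is placed between the IPv4 `listen <tmpl_var name='ip_address'>:443 ssl;` and the IPv6 `listen` inside `<tmpl_if name='ipv6_enabled'>`, which splits the two listen directives and separates the protocol setting from the rest of the TLS configuration. Moving it next to the certificate directives (outside this hunk, so their position is assumed) and adding a one-line comment such as `# SSLv3 disabled (POODLE, FS#3706)` would keep the TLS settings together and record why the list is restricted. The server block continues outside the hunk.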
......
...@@ -47,7 +47,8 @@ ...@@ -47,7 +47,8 @@
<IfModule mod_ssl.c> <IfModule mod_ssl.c>
<tmpl_if name='ssl_enabled'> <tmpl_if name='ssl_enabled'>
SSLEngine on SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
<tmpl_if name='has_bundle_cert'> <tmpl_if name='has_bundle_cert'>
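Review bot: With name-based virtual hosts on one IP:port, mod_ssl built against OpenSSL older than 1.1.1 takes the negotiated protocol from the first vhost declared for that address. The `SSLProtocol All -SSLv2 -SSLv3` line in this per-site template therefore does not help if a default vhost outside ISPConfig's templates still permits SSLv3. Setting the same directive once at server level in the global mod_ssl configuration would cover that case, and the per-vhost line can stay as defence in depth. After deployment, `openssl s_client -connect HOST:443 -ssl3` (HOST is a placeholder) should fail to complete a handshake.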
......