apache-frontend: update SSL configuration (-SSLv3, CipherSuite updated)

6bbd7c56 · Cédric Le Ninivin · 3b37d42a · 6bbd7c56 · 6bbd7c56 · 6bbd7c56
Commit 6bbd7c56 authored Mar 31, 2015 by Cédric Le Ninivin
4 changed files
--- a/software/apache-frontend/common.cfg
+++ b/software/apache-frontend/common.cfg
@@ -96,7 +96,7 @@ mode = 640
 [template-apache-frontend-configuration]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/apache.conf.in
-md5sum = ce88924c53f09c9a3ef12ec4d8a8ad16
+md5sum = eb509d5b924464b08e28d296da93b58c
 mode = 640

 [template-apache-cached-configuration]
@@ -127,13 +127,13 @@ mode = 640
 [template-default-virtualhost]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/000.conf.in
-md5sum = b40ffdab93a80b40046e3bbb2f7a58bc
+md5sum = ed1b680e31e30596bf051682ec0270b4
 mode = 640

 [template-default-slave-virtualhost]
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
-md5sum = 9bd3eda3c2aad5061f6cd6985e6f18d0
+md5sum = 3671d13456cec8c3347e8a6ad0badbff
 mode = 640

 [template-log-access]

--- a/software/apache-frontend/templates/000.conf.in
+++ b/software/apache-frontend/templates/000.conf.in
@@ -2,7 +2,8 @@
  ServerName www.example.org
  SSLEngine on
  SSLProxyEngine on
-  SSLProtocol ALL -SSLv2
+  SSLProtocol ALL -SSLv2 -SSLv3
+  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4

  # Rewrite part
  ProxyVia On

--- a/software/apache-frontend/templates/apache.conf.in
+++ b/software/apache-frontend/templates/apache.conf.in
@@ -115,7 +115,8 @@ SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
 SSLSessionCacheTimeout  300
 SSLRandomSeed startup /dev/urandom 256
 SSLRandomSeed connect builtin
-SSLProtocol ALL -SSLv2
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
 <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
 </FilesMatch>

--- a/software/apache-frontend/templates/default-virtualhost.conf.in
+++ b/software/apache-frontend/templates/default-virtualhost.conf.in
@@ -6,9 +6,9 @@

  SSLEngine on
  SSLProxyEngine on
-  SSLProtocol -ALL +SSLv3 +TLSv1
-  SSLHonorCipherOrder On
-  SSLCipherSuite RC4-SHA:HIGH:!ADH
+  SSLProtocol all -SSLv2 -SSLv3
+  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
+

 {% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
       			      	 ('SSLCertificateKeyFile', 'path_to_ssl_key'),