cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject git commit: updated refs/heads/4.5 to ab8f367
Date Mon, 09 Mar 2015 07:13:56 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.5 519488fcd -> ab8f36785


systemvm: have apache2 use secure SSL cipher suite

Created using Mozilla's ssl config generator:
https://mozilla.github.io/server-side-tls/ssl-config-generator/

Intermediate setting was used, with apache version 2.2.22 and openssl 1.0.1e
Oldest compatible clients:
Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ab8f3678
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ab8f3678
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ab8f3678

Branch: refs/heads/4.5
Commit: ab8f367850c7ef75e1ff851397ff7dee4b5e40ab
Parents: 519488f
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Mon Mar 9 12:39:26 2015 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Mon Mar 9 12:43:42 2015 +0530

----------------------------------------------------------------------
 systemvm/patches/debian/config/etc/apache2/httpd.conf           | 5 +++--
 .../debian/config/etc/apache2/sites-available/default-ssl       | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab8f3678/systemvm/patches/debian/config/etc/apache2/httpd.conf
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/etc/apache2/httpd.conf b/systemvm/patches/debian/config/etc/apache2/httpd.conf
index 2a6b921..56366f2 100644
--- a/systemvm/patches/debian/config/etc/apache2/httpd.conf
+++ b/systemvm/patches/debian/config/etc/apache2/httpd.conf
@@ -1,2 +1,3 @@
-SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
-SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
+SSLProtocol             all -SSLv2 -SSLv3
+SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+SSLHonorCipherOrder     on

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ab8f3678/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl b/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
index 6699f14..a2c21d7 100644
--- a/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
+++ b/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
@@ -43,6 +43,8 @@
 	#   Enable/Disable SSL for this virtual host.
 	SSLEngine on
 	SSLProtocol all -SSLv2 -SSLv3
+	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+	SSLHonorCipherOrder on
 
 	#   A self-signed (snakeoil) certificate can be created by installing
 	#   the ssl-cert package. See


Mime
View raw message