disable sslv2 and weak ciphers

commit 40c5c21d5a7ee10a2fc0dfd38624b8a9429d2521 1 parent de6e0f1
Justin Ellison justinellison authored
Showing with 11 additions and 11 deletions.
  1. +11 −11 templates/ssl.load.rhel.erb
22 templates/ssl.load.rhel.erb
@@ -1,12 +1,12 @@
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
-# serve pages over an https connection. For detailing information about these
+# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
-#
+#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
+# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
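
Review bot: The three -/+ pairs in this hunk (the "serve pages over an https connection" line, the bare "#" line and the "consult the online docs" line) change only whitespace, and the same is true of nine of the eleven changed lines in this commit. Mixing that cleanup into a commit titled "disable sslv2 and weak ciphers" hides the two lines that change TLS behaviour; consider splitting the whitespace cleanup into its own commit so the security-relevant change can be reviewed and reverted on its own.
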
@@ -33,18 +33,18 @@ AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
-# Configure the SSL Session Cache: First the mechanism
+# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
-# SSL engine uses internally for inter-process synchronization.
+# SSL engine uses internally for inter-process synchronization.
SSLMutex default
# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the
+# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
@@ -64,7 +64,7 @@ SSLRandomSeed connect builtin
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
-# your accelerator is functioning properly.
+# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
@@ -92,12 +92,12 @@ SSLCryptoDevice builtin
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
-# SSLProtocol all -SSLv2
+SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-# SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
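
Review bot: The newly uncommented SSLCipherSuite line does not remove weak ciphers, which is what the commit title promises. In an OpenSSL cipher string `ALL` adds the LOW and MEDIUM suites, and the trailing `+HIGH:+MEDIUM:+LOW` only moves those groups to the end of the preference list; nothing is dropped by a `+` term. `RC4+RSA` names suites that `ALL` has already added, so RC4 stays available too. The only exclusions in the string are `!ADH`, `!EXPORT` and `!SSLv2`. If the intent is to disable weak ciphers, exclude them explicitly, for example by changing `+LOW` to `!LOW`, and make a deliberate decision about whether MEDIUM and RC4 should remain. The comment above the directive ("List the ciphers that the client is permitted to negotiate") would also benefit from a line stating which classes are excluded and why. `SSLProtocol all -SSLv2` does match the title, though `all` still leaves every other protocol version the build supports enabled, so it is worth stating in the comment that only SSLv2 is being turned off.
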
@@ -177,7 +177,7 @@ SSLCryptoDevice builtin
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
-# directives are used in per-directory context.
+# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
###<Files ~ "\.(cgi|shtml|phtml|php3?)$">
### SSLOptions +StdEnvVars
@@ -203,7 +203,7 @@ SSLCryptoDevice builtin
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
-# works correctly.
+# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.