Mitigate security vulnerability CVE-2014-3566

Mitigate security vulnerability CVE-2014-3566 which relates to SSLv3 and Apache. This will disable SSLv3 and only enable TLS. More information can be found @ https://zmap.io/sslv3/servers.html. Change-Id: Ie74bfa341a722dacea65f382080d8d900e049084 Closes-Bug: 1382277
trafodion · Oct 17, 2014 · a5ff2b5 · a5ff2b5
1 parent baadb7b
commit a5ff2b5
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 4 deletions.
diff --git a/modules/cgit/templates/git.vhost.erb b/modules/cgit/templates/git.vhost.erb
@@ -48,7 +48,7 @@
   CustomLog /var/log/httpd/git-access.log combined
 
   SSLEngine on
-
+  SSLProtocol All -SSLv2 -SSLv3
   SSLCertificateFile      <%= scope.lookupvar("cgit::ssl_cert_file") %>
   SSLCertificateKeyFile   <%= scope.lookupvar("cgit::ssl_key_file") %>
 <% if scope.lookupvar("cgit::ssl_chain_file") != "" %>

diff --git a/modules/etherpad_lite/templates/etherpadlite.vhost.erb b/modules/etherpad_lite/templates/etherpadlite.vhost.erb
@@ -24,7 +24,7 @@
   CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-access.log combined
 
   SSLEngine on
-
+  SSLProtocol All -SSLv2 -SSLv3
   SSLCertificateFile      <%= scope.lookupvar("etherpad_lite::apache::ssl_cert_file") %>
   SSLCertificateKeyFile   <%= scope.lookupvar("etherpad_lite::apache::ssl_key_file") %>
   <% if scope.lookupvar("etherpad_lite::apache::ssl_chain_file") != "" %>

diff --git a/modules/gerrit/templates/gerrit.vhost.erb b/modules/gerrit/templates/gerrit.vhost.erb
@@ -25,7 +25,7 @@
   CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
 
   SSLEngine on
-
+  SSLProtocol All -SSLv2 -SSLv3
   SSLCertificateFile      <%= scope.lookupvar("gerrit::ssl_cert_file") %>
   SSLCertificateKeyFile   <%= scope.lookupvar("gerrit::ssl_key_file") %>
 <% if scope.lookupvar("gerrit::ssl_chain_file") != "" %>

diff --git a/modules/jenkins/templates/jenkins.vhost.erb b/modules/jenkins/templates/jenkins.vhost.erb
@@ -23,7 +23,7 @@
              CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-access.log combined
 
              SSLEngine on
-
+             SSLProtocol All -SSLv2 -SSLv3
              SSLCertificateFile      <%= scope.lookupvar("::jenkins::master::ssl_cert_file") %>
              SSLCertificateKeyFile   <%= scope.lookupvar("::jenkins::master::ssl_key_file") %>
              <% if scope.lookupvar("::jenkins::master::ssl_chain_file") != "" %>

diff --git a/modules/mediawiki/templates/apache/mediawiki.erb b/modules/mediawiki/templates/apache/mediawiki.erb
@@ -54,6 +54,7 @@
 
         # turn on SSL
         SSLEngine on
+        SSLProtocol All -SSLv2 -SSLv3
         SSLCertificateFile      <%= scope.lookupvar("mediawiki::ssl_cert_file") %>
         SSLCertificateKeyFile   <%= scope.lookupvar("mediawiki::ssl_key_file") %>
         <% if scope.lookupvar("mediawiki::ssl_chain_file") != "" %>