Better SSLCipherSuite for Perfect-Forward-Secrecy

author Clinton Ebadi <clinton@unknownlamer.org>

Fri, 2 May 2014 03:33:42 +0000 (23:33 -0400)

committer Clinton Ebadi <clinton@unknownlamer.org>

Fri, 2 May 2014 03:33:42 +0000 (23:33 -0400)
author Clinton Ebadi <clinton@unknownlamer.org>
Fri, 2 May 2014 03:33:42 +0000 (23:33 -0400)
committer Clinton Ebadi <clinton@unknownlamer.org>
Fri, 2 May 2014 03:33:42 +0000 (23:33 -0400)
diff --git a/files/conf.d/hcoop-ssl b/files/conf.d/hcoop-ssl

new file mode 100644 (file)

index 0000000..226dcd9
--- /dev/null
+++ b/files/conf.d/hcoop-ssl
@@ -0,0 +1,3 @@
+# Apache defaults are OK, just change CipherSuite for better PFS
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:HIGH:!MEDIUM:!LOW:!SSLv2:!aNULL:!PSK
+SSLHonorCipherOrder on
author	Clinton Ebadi <clinton@unknownlamer.org>
	Fri, 2 May 2014 03:33:42 +0000 (23:33 -0400)
committer	Clinton Ebadi <clinton@unknownlamer.org>
	Fri, 2 May 2014 03:33:42 +0000 (23:33 -0400)