From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Fri, 2 May 2014 03:33:42 +0000 (-0400)
Subject: Better SSLCipherSuite for Perfect-Forward-Secrecy
X-Git-Tag: debian/10~2
X-Git-Url: https://git.hcoop.net/hcoop/zz_old/debian/hcoop-apache2-config.git/commitdiff_plain/a5861df4347b9d4746d6ee0f8635fa11a8f20312?hp=dd905b90768b26b5a5a46225682928bed3a6fcce

Better SSLCipherSuite for Perfect-Forward-Secrecy
---

diff --git a/files/conf.d/hcoop-ssl b/files/conf.d/hcoop-ssl
new file mode 100644
index 0000000..226dcd9
--- /dev/null
+++ b/files/conf.d/hcoop-ssl
@@ -0,0 +1,3 @@
+# Apache defaults are OK, just change CipherSuite for better PFS
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:HIGH:!MEDIUM:!LOW:!SSLv2:!aNULL:!PSK
+SSLHonorCipherOrder on