From a5861df4347b9d4746d6ee0f8635fa11a8f20312 Mon Sep 17 00:00:00 2001
From: Clinton Ebadi <clinton@unknownlamer.org>
Date: Thu, 1 May 2014 23:33:42 -0400
Subject: [PATCH] Better SSLCipherSuite for Perfect-Forward-Secrecy

---
 files/conf.d/hcoop-ssl | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 files/conf.d/hcoop-ssl

diff --git a/files/conf.d/hcoop-ssl b/files/conf.d/hcoop-ssl
new file mode 100644
index 0000000..226dcd9
--- /dev/null
+++ b/files/conf.d/hcoop-ssl
@@ -0,0 +1,3 @@
+# Apache defaults are OK, just change CipherSuite for better PFS
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:HIGH:!MEDIUM:!LOW:!SSLv2:!aNULL:!PSK
+SSLHonorCipherOrder on
-- 
2.20.1