diff -Nur e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite --- e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite 2016-02-04 13:27:55.000000000 -0500 +++ e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite 2020-05-01 23:03:04.903000000 -0400 @@ -1,5 +1,5 @@ { # When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated. $OUT = "SSLCipherSuite "; - $OUT .= $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4'; + $OUT .= $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4'; } diff -Nur e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol --- e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol 2016-02-04 13:27:55.000000000 -0500 +++ e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol 2020-05-01 23:02:32.316000000 -0400 @@ -3,6 +3,7 @@ $OUT .= "SSLProtocol all"; $OUT .= " -SSLv2" unless (${'httpd-e-smith'}{'SSLv2'} || 'disabled') eq 'enabled'; $OUT .= " -SSLv3" unless (${'httpd-e-smith'}{'SSLv3'} || 'disabled') eq 'enabled'; - $OUT .= " -TLSv1" unless (${'httpd-e-smith'}{'TLSv1'} || 'enabled') eq 'enabled'; - $OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv1.1'} || 'enabled') eq 'enabled'; + $OUT .= " -TLSv1" unless (${'httpd-e-smith'}{'TLSv1'} || 'disabled') eq 'enabled'; + $OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv1.1'} || 'disabled') eq 'enabled'; + $OUT .= " -TLSv1.2" unless (${'httpd-e-smith'}{'TLSv1.2'} || 'enabled') eq 'enabled'; }