
Annotation of /rpms/e-smith-apache/sme10/e-smith-apache-2.6.0-bz10459-Ciphers-and-TLS.patch



Revision 1.1
Sat May 2 03:05:56 2020 UTC (4 years, 6 months ago) by jpp
Branch: MAIN
CVS Tags: e-smith-apache-2_6_0-5_el7_sme
* Fri May 01 2020 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-5.sme
- disable TLSv1 TLSv1.1 by default [SME: 10459]
- put strong ciphers first in default string

1 jpp 1.1 diff -Nur e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite
2     --- e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite 2016-02-04 13:27:55.000000000 -0500
3     +++ e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite 2020-05-01 23:03:04.903000000 -0400
4     @@ -1,5 +1,5 @@
5     {
6     # When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
7     $OUT = "SSLCipherSuite ";
8     - $OUT .= $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
9     + $OUT .= $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
10     }
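Review bot: On the `+` line, the four suites placed ahead of `HIGH` only change what is negotiated when the server enforces its own preference order, and nothing in this patch sets `SSLHonorCipherOrder on`; without it the client's preference list decides and the reordering has no effect. Please confirm that directive is emitted by another template fragment, or add it with this change. Two smaller points: the comment in this fragment says the smeserver-qpsmtpd template must be updated together with this one, and this patch touches only e-smith-apache, so the matching change should be referenced here; and all four explicit entries are `-RSA-` suites, so a host using an ECDSA certificate still gets whatever order `HIGH` expands to.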
11     diff -Nur e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol
12     --- e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol 2016-02-04 13:27:55.000000000 -0500
13     +++ e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol 2020-05-01 23:02:32.316000000 -0400
14     @@ -3,6 +3,7 @@
15     $OUT .= "SSLProtocol all";
16     $OUT .= " -SSLv2" unless (${'httpd-e-smith'}{'SSLv2'} || 'disabled') eq 'enabled';
17     $OUT .= " -SSLv3" unless (${'httpd-e-smith'}{'SSLv3'} || 'disabled') eq 'enabled';
18     - $OUT .= " -TLSv1" unless (${'httpd-e-smith'}{'TLSv1'} || 'enabled') eq 'enabled';
19     - $OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv1.1'} || 'enabled') eq 'enabled';
20     + $OUT .= " -TLSv1" unless (${'httpd-e-smith'}{'TLSv1'} || 'disabled') eq 'enabled';
21     + $OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv1.1'} || 'disabled') eq 'enabled';
22     + $OUT .= " -TLSv1.2" unless (${'httpd-e-smith'}{'TLSv1.2'} || 'enabled') eq 'enabled';
23     }
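Review bot: The added `-TLSv1.2` line, combined with the new 'disabled' defaults for `TLSv1` and `TLSv1.1`, lets a single property change produce `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2`; on a build where `all` includes nothing newer than TLSv1.2, that leaves no protocol enabled. Consider refusing to subtract the last remaining protocol, or at least emitting a warning in the generated config when that happens. Also, because each test is `eq 'enabled'`, any other value (a typo, `yes`, different capitalisation) counts as disabled, and existing installs with no `TLSv1` or `TLSv1.1` property set will lose those protocols on upgrade; both behaviours should be documented next to the property names, since the changelog only says "by default".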
