--- rpms/e-smith-apache/sme10/e-smith-apache-2.6.0-bz10459-Ciphers-and-TLS.patch	2020/05/02 03:05:56	1.1
+++ rpms/e-smith-apache/sme10/e-smith-apache-2.6.0-bz10459-Ciphers-and-TLS.patch	2020/05/02 21:27:13	1.2
@@ -6,7 +6,7 @@ diff -Nur e-smith-apache-2.6.0.old/root/
      # When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
      $OUT  = "SSLCipherSuite ";
 -    $OUT .= $modSSL{CipherSuite} || 'HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
-+    $OUT .= $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
++    $OUT .= $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
  }
 diff -Nur e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol e-smith-apache-2.6.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol
 --- e-smith-apache-2.6.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol	2016-02-04 13:27:55.000000000 -0500
@@ -18,6 +18,6 @@ diff -Nur e-smith-apache-2.6.0.old/root/
 -    $OUT .= " -TLSv1" unless (${'httpd-e-smith'}{'TLSv1'} || 'enabled') eq 'enabled';
 -    $OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv1.1'} || 'enabled') eq 'enabled';
 +    $OUT .= " -TLSv1" unless (${'httpd-e-smith'}{'TLSv1'} || 'disabled') eq 'enabled';
-+    $OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv1.1'} || 'disabled') eq 'enabled';
-+    $OUT .= " -TLSv1.2" unless (${'httpd-e-smith'}{'TLSv1.2'} || 'enabled') eq 'enabled';
++    $OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv11'} || 'disabled') eq 'enabled';
++    $OUT .= " -TLSv1.2" unless (${'httpd-e-smith'}{'TLSv12'} || 'enabled') eq 'enabled';
  }