comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in
default configuration; now follow OpenSSL system default (#1468322) Resolves: rhbz#1468322
This commit is contained in:
Joe Orton
parent
89ff98903a
commit
e6f5630905
@ -13,7 +13,7 @@
|
||||
Summary: Apache HTTP Server
|
||||
Name: httpd
|
||||
Version: 2.4.34
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
URL: https://httpd.apache.org/
|
||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||
Source1: index.html
|
||||
@ -733,6 +733,10 @@ exit $rv
|
||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||
|
||||
%changelog
|
||||
* Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-8
|
||||
- comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in
|
||||
default configuration; now follow OpenSSL system default (#1468322)
|
||||
|
||||
* Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-7
|
||||
- mod_ssl: follow OpenSSL protocol defaults if SSLProtocol
|
||||
is not configured (Rob Crittenden, #1618371)
|
||||
|
||||
17
ssl.conf
17
ssl.conf
@ -70,11 +70,10 @@ LogLevel warn
|
||||
SSLEngine on
|
||||
|
||||
# List the protocol versions which clients are allowed to connect with.
|
||||
# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be
|
||||
# disabled as quickly as practical. By the end of 2016, only the TLSv1.2
|
||||
# protocol or later should remain in use.
|
||||
SSLProtocol all -SSLv3
|
||||
SSLProxyProtocol all -SSLv3
|
||||
# The OpenSSL system profile is configured by default. See
|
||||
# update-crypto-policies(8) for more details.
|
||||
#SSLProtocol all -SSLv3
|
||||
#SSLProxyProtocol all -SSLv3
|
||||
|
||||
# User agents such as web browsers are not configured for the user's
|
||||
# own preference of either security or performance, therefore this
|
||||
@ -83,10 +82,10 @@ SSLProxyProtocol all -SSLv3
|
||||
SSLHonorCipherOrder on
|
||||
|
||||
# SSL Cipher Suite:
|
||||
# List the ciphers that the client is permitted to negotiate.
|
||||
# See the mod_ssl documentation for a complete list.
|
||||
# The OpenSSL system profile is configured by default. See
|
||||
# update-crypto-policies(8) for more details.
|
||||
# List the ciphers that the client is permitted to negotiate.
|
||||
# See the mod_ssl documentation for a complete list.
|
||||
# The OpenSSL system profile is configured by default. See
|
||||
# update-crypto-policies(8) for more details.
|
||||
SSLCipherSuite PROFILE=SYSTEM
|
||||
SSLProxyCipherSuite PROFILE=SYSTEM
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user