comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in

default configuration; now follow OpenSSL system default (#1468322)
Resolves: rhbz#1468322
This commit is contained in:
Joe Orton 2018-09-21 15:22:11 +01:00
parent 89ff98903a
commit e6f5630905
2 changed files with 13 additions and 10 deletions

View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.34 Version: 2.4.34
Release: 7%{?dist} Release: 8%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html Source1: index.html
@ -733,6 +733,10 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-8
- comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in
default configuration; now follow OpenSSL system default (#1468322)
* Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-7 * Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-7
- mod_ssl: follow OpenSSL protocol defaults if SSLProtocol - mod_ssl: follow OpenSSL protocol defaults if SSLProtocol
is not configured (Rob Crittenden, #1618371) is not configured (Rob Crittenden, #1618371)

View File

@ -70,11 +70,10 @@ LogLevel warn
SSLEngine on SSLEngine on
# List the protocol versions which clients are allowed to connect with. # List the protocol versions which clients are allowed to connect with.
# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be # The OpenSSL system profile is configured by default. See
# disabled as quickly as practical. By the end of 2016, only the TLSv1.2 # update-crypto-policies(8) for more details.
# protocol or later should remain in use. #SSLProtocol all -SSLv3
SSLProtocol all -SSLv3 #SSLProxyProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
# User agents such as web browsers are not configured for the user's # User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this # own preference of either security or performance, therefore this