rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in

Browse Source 
default configuration; now follow OpenSSL system default (#1468322)
Resolves: rhbz#1468322
This commit is contained in:
Joe Orton 2018-09-21 15:22:11 +01:00
parent 89ff98903a
commit e6f5630905
2 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
httpd.spec
View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.34 Version: 2.4.34
Release: 7%{?dist} Release: 8%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html Source1: index.html
@ -733,6 +733,10 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-8
- comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in
default configuration; now follow OpenSSL system default (#1468322)
* Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-7 * Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-7
- mod_ssl: follow OpenSSL protocol defaults if SSLProtocol - mod_ssl: follow OpenSSL protocol defaults if SSLProtocol
is not configured (Rob Crittenden, #1618371) is not configured (Rob Crittenden, #1618371)

17
ssl.conf
View File

@ -70,11 +70,10 @@ LogLevel warn
SSLEngine on SSLEngine on
# List the protocol versions which clients are allowed to connect with. # List the protocol versions which clients are allowed to connect with.
# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be # The OpenSSL system profile is configured by default. See
# disabled as quickly as practical. By the end of 2016, only the TLSv1.2 # update-crypto-policies(8) for more details.
# protocol or later should remain in use. #SSLProtocol all -SSLv3
SSLProtocol all -SSLv3 #SSLProxyProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
# User agents such as web browsers are not configured for the user's # User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this # own preference of either security or performance, therefore this
@ -83,10 +82,10 @@ SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on SSLHonorCipherOrder on
# SSL Cipher Suite: # SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate. # List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list. # See the mod_ssl documentation for a complete list.
# The OpenSSL system profile is configured by default. See # The OpenSSL system profile is configured by default. See
# update-crypto-policies(8) for more details. # update-crypto-policies(8) for more details.
SSLCipherSuite PROFILE=SYSTEM SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM SSLProxyCipherSuite PROFILE=SYSTEM