Use the SSLProtocol blacklist approach

It turns out that specifying the ciphers we want to use leads to
breakage.  So instead we'll explicitly tell Apache which ciphers
we don't want to use.

Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
This commit is contained in:
Timothy Chavez 2014-10-16 11:37:17 -05:00
parent 2783a56a16
commit 47db7ea292
6 changed files with 6 additions and 6 deletions

View File

@ -60,7 +60,7 @@
CustomLog /var/log/httpd/git-access.log combined CustomLog /var/log/httpd/git-access.log combined
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("cgit::ssl_cert_file") %> SSLCertificateFile <%= scope.lookupvar("cgit::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("cgit::ssl_key_file") %> SSLCertificateKeyFile <%= scope.lookupvar("cgit::ssl_key_file") %>

View File

@ -23,7 +23,7 @@
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-access.log combined CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-access.log combined
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("etherpad_lite::apache::ssl_cert_file") %> SSLCertificateFile <%= scope.lookupvar("etherpad_lite::apache::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("etherpad_lite::apache::ssl_key_file") %> SSLCertificateKeyFile <%= scope.lookupvar("etherpad_lite::apache::ssl_key_file") %>

View File

@ -24,7 +24,7 @@
CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("gerrit::ssl_cert_file") %> SSLCertificateFile <%= scope.lookupvar("gerrit::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("gerrit::ssl_key_file") %> SSLCertificateKeyFile <%= scope.lookupvar("gerrit::ssl_key_file") %>

View File

@ -22,7 +22,7 @@
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-access.log combined CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-access.log combined
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("::jenkins::master::ssl_cert_file") %> SSLCertificateFile <%= scope.lookupvar("::jenkins::master::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("::jenkins::master::ssl_key_file") %> SSLCertificateKeyFile <%= scope.lookupvar("::jenkins::master::ssl_key_file") %>

View File

@ -39,7 +39,7 @@
ServerName <%= scope.lookupvar("mediawiki::site_hostname") %> ServerName <%= scope.lookupvar("mediawiki::site_hostname") %>
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("mediawiki::ssl_cert_file") %> SSLCertificateFile <%= scope.lookupvar("mediawiki::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("mediawiki::ssl_key_file") %> SSLCertificateKeyFile <%= scope.lookupvar("mediawiki::ssl_key_file") %>
<% if scope.lookupvar("mediawiki::ssl_chain_file") != "" %> <% if scope.lookupvar("mediawiki::ssl_chain_file") != "" %>

View File

@ -19,7 +19,7 @@
CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %> SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %> SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %> <% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>