Add SSL Procotol and Cipher config to default vhost

Infra doesn't really use this template, but in case someone else does, update the protocol to only use TLS and update the cipher list to the list of strong ciphers. Change-Id: Ibd8a0e65800e022ab8bc52f6af63c3c85e84419d
2016-03-01 08:03:15 -06:00 · 2016-03-01 08:03:15 -06:00 · aec75a659f
parent 3d6423ebdf
commit aec75a659f
1 changed files with 2 additions and 0 deletions
--- a/templates/vhost-proxy.conf.erb
+++ b/templates/vhost-proxy.conf.erb
@ -2,6 +2,8 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
 <VirtualHost <%= @vhost_name %>:<%= @port %>>
  <% if @ssl == true %>
  SSLEngine on
+  SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
+  SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
  SSLCertificateFile <%= @ssl_path %>/certs/pl.cert
  SSLCertificateKeyFile <%= @ssl_path %>/private/pl.key
  <% end %>