Use only TLSv1 and greater to depoodle

The poodle SSLv3 vulnerability is a good reason to stop using SSLv3. Switch to TLS everywhere in our apache vhost configs. Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
2014-10-14 17:07:06 -07:00 · 2014-10-14 17:07:06 -07:00 · 0de9792bb6
parent 5a5a2553be
commit 0de9792bb6
1 changed files with 1 additions and 0 deletions
--- a/templates/apache/mediawiki.erb
+++ b/templates/apache/mediawiki.erb
@ -39,6 +39,7 @@
        ServerName <%= scope.lookupvar("mediawiki::site_hostname") %>

        SSLEngine on
+        SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
        SSLCertificateFile      <%= scope.lookupvar("mediawiki::ssl_cert_file") %>
        SSLCertificateKeyFile   <%= scope.lookupvar("mediawiki::ssl_key_file") %>
        <% if scope.lookupvar("mediawiki::ssl_chain_file") != "" %>