commit 91ba0d02925ae1326966df173d3d3894fa7bdec7 Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Sun Nov 27 09:26:11 2016 +0100 Sync with fedoara roles/httpd/website/templates/website.conf | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf index e45e805..6547452 100644 --- a/roles/httpd/website/templates/website.conf +++ b/roles/httpd/website/templates/website.conf @@ -42,8 +42,8 @@ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14 # If you change the protocols or cipher suites, you should probably update # modules/squid/files/squid.conf-el6 too, to keep it in sync. - SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 - SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + SSLProtocol {{ ssl_protocols }} + SSLCipherSuite {{ ssl_ciphers }} {% if sslonly %} Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"