From 6e14e5f9af63d18a1e0849b2f949348ab763e624 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Tue, 14 Oct 2014 17:07:06 -0700
Subject: [PATCH] Use only TLSv1 and greater to depoodle

The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.

Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
---
 templates/git.vhost.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/git.vhost.erb b/templates/git.vhost.erb
index 6d77a56..09b8748 100644
--- a/templates/git.vhost.erb
+++ b/templates/git.vhost.erb
@@ -60,6 +60,7 @@
   CustomLog /var/log/httpd/git-access.log combined
 
   SSLEngine on
+  SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
 
   SSLCertificateFile      <%= scope.lookupvar("cgit::ssl_cert_file") %>
   SSLCertificateKeyFile   <%= scope.lookupvar("cgit::ssl_key_file") %>