opendev/puppet-cgit
Code Issues Proposed changes

Use only TLSv1 and greater to depoodle

Browse Source 
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.

Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
This commit is contained in:
Clark Boylan
2014-10-14 17:07:06 -07:00
parent 5b8a4588b8
commit 6e14e5f9af
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
templates/git.vhost.erb
View File

@@ -60,6 +60,7 @@
CustomLog /var/log/httpd/git-access.log combined CustomLog /var/log/httpd/git-access.log combined
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCertificateFile <%= scope.lookupvar("cgit::ssl_cert_file") %> SSLCertificateFile <%= scope.lookupvar("cgit::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("cgit::ssl_key_file") %> SSLCertificateKeyFile <%= scope.lookupvar("cgit::ssl_key_file") %>