From 2a68660f4b1d6e6277f848bd4dd9af05efe2c1bb Mon Sep 17 00:00:00 2001
From: Timothy Chavez <timothy.chavez@hp.com>
Date: Thu, 16 Oct 2014 11:37:17 -0500
Subject: [PATCH] Use the SSLProtocol blacklist approach

It turns out that specifying the ciphers we want to use leads to
breakage.  So instead we'll explicitly tell Apache which ciphers
we don't want to use.

Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
---
 templates/apache/mediawiki.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/apache/mediawiki.erb b/templates/apache/mediawiki.erb
index b1cd718..92c01f4 100644
--- a/templates/apache/mediawiki.erb
+++ b/templates/apache/mediawiki.erb
@@ -39,7 +39,7 @@
         ServerName <%= scope.lookupvar("mediawiki::site_hostname") %>
 
         SSLEngine on
-        SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
+        SSLProtocol All -SSLv2 -SSLv3
         SSLCertificateFile      <%= scope.lookupvar("mediawiki::ssl_cert_file") %>
         SSLCertificateKeyFile   <%= scope.lookupvar("mediawiki::ssl_key_file") %>
         <% if scope.lookupvar("mediawiki::ssl_chain_file") != "" %>