From 3dc8aad827b40fa87290437970b6f0dad6915c8c Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Tue, 14 Oct 2014 17:07:06 -0700
Subject: [PATCH] Use only TLSv1 and greater to depoodle

The poodle SSLv3 vulnerability is a good reason to stop using SSLv3. Switch to TLS everywhere in our apache vhost configs.

Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
---
 templates/etherpadlite.vhost.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/etherpadlite.vhost.erb b/templates/etherpadlite.vhost.erb
index 97d05fa..c42d19e 100644
--- a/templates/etherpadlite.vhost.erb
+++ b/templates/etherpadlite.vhost.erb
@@ -23,6 +23,7 @@
 CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-access.log combined
 SSLEngine on
+ SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
 SSLCertificateFile <%= scope.lookupvar("etherpad_lite::apache::ssl_cert_file") %>
 SSLCertificateKeyFile <%= scope.lookupvar("etherpad_lite::apache::ssl_key_file") %>
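Review bot: The added `SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2` line names each protocol explicitly, so a mod_ssl build that predates TLSv1.1/TLSv1.2 support would likely reject it as an illegal protocol at config parse and keep Apache from starting. The subtractive form `SSLProtocol all -SSLv2 -SSLv3` removes SSLv3 without depending on which TLS versions the build knows. Where several name-based SSL vhosts share one IP:port, older Apache releases apply only the first vhost's SSLProtocol to the handshake, so if this vhost is not the only or first one on the listener (not visible here) the directive may also need to be set at server level. A short template comment such as `# POODLE: SSLv3 disabled, TLS only` would record why the line exists, and the enclosing VirtualHost block starts and ends outside the hunk.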