From a053ed23ef60228919af07eaaa39afd13fc2fd7c Mon Sep 17 00:00:00 2001 From: Timothy Chavez Date: Thu, 16 Oct 2014 11:37:17 -0500 Subject: [PATCH] Use the SSLProtocol blacklist approach It turns out that specifying the ciphers we want to use leads to breakage. So instead we'll explicitly tell Apache which ciphers we don't want to use. Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c --- templates/etherpadlite.vhost.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/etherpadlite.vhost.erb b/templates/etherpadlite.vhost.erb index c42d19e..b77aa10 100644 --- a/templates/etherpadlite.vhost.erb +++ b/templates/etherpadlite.vhost.erb @@ -23,7 +23,7 @@ CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-access.log combined SSLEngine on - SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 + SSLProtocol All -SSLv2 -SSLv3 SSLCertificateFile <%= scope.lookupvar("etherpad_lite::apache::ssl_cert_file") %> SSLCertificateKeyFile <%= scope.lookupvar("etherpad_lite::apache::ssl_key_file") %>