A tweak to eg.conf to prevent against the BEAST exploit in TLS/SSL

author Michael Peters <mrpeters@library.in.gov>

Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)

committer Galen Charlton <gmc@esilibrary.com>

Mon, 31 Oct 2011 16:02:15 +0000 (12:02 -0400)
author Michael Peters <mrpeters@library.in.gov>
Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)
committer Galen Charlton <gmc@esilibrary.com>
Mon, 31 Oct 2011 16:02:15 +0000 (12:02 -0400)
diff --git a/Open-ILS/examples/apache/eg.conf b/Open-ILS/examples/apache/eg.conf

index 77b5f40..e2b0584 100644 (file)
--- a/Open-ILS/examples/apache/eg.conf
+++ b/Open-ILS/examples/apache/eg.conf
@@ -109,7 +109,8 @@ NameVirtualHost *:443
        ServerName localhost:443
        ServerAlias 127.0.0.1:443
        SSLEngine on
-       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+       SSLHonorCipherOrder On
+       SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
 
     # If you don't have an SSL cert, you can create self-signed 
     # certificate and key with:
author	Michael Peters <mrpeters@library.in.gov>
	Thu, 27 Oct 2011 13:42:37 +0000 (09:42 -0400)
committer	Galen Charlton <gmc@esilibrary.com>
	Mon, 31 Oct 2011 16:02:15 +0000 (12:02 -0400)