Till Brehm
2014-10-16 53124ed9dc52e8aee60d9018ffb32c18f03c4daa
Implemented: FS#3706 - disable SSLv3 to protect servers against POODLE attack.
4 files modified
6 ■■■■ changed files
install/tpl/apache_ispconfig.vhost.master 1 ●●●●
install/tpl/nginx_ispconfig.vhost.master 1 ●●●●
server/conf/nginx_vhost.conf.master 1 ●●●●
server/conf/vhost.conf.master 3 ●●●●
install/tpl/apache_ispconfig.vhost.master
@@ -63,6 +63,7 @@
  # SSL Configuration
  <tmpl_var name="ssl_comment">SSLEngine On
  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
  <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
  <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
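Review bot: The added `SSLProtocol All -SSLv2 -SSLv3` line is a denylist, while the nginx templates changed in the same commit use an allowlist (`ssl_protocols TLSv1 TLSv1.1 TLSv1.2`), so the Apache and nginx panel vhosts can end up offering different protocol sets depending on what the linked OpenSSL enables under `All`. Nothing in the template says why SSLv3 is excluded; I would add a comment line above the directive, `# SSLv3 stays disabled because of POODLE (FS#3706)`, so a later edit of the list does not bring it back. server/conf/vhost.conf.master gets the same directive and would benefit from the same comment. The surrounding VirtualHost block starts and ends outside the hunk.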
install/tpl/nginx_ispconfig.vhost.master
@@ -1,6 +1,7 @@
server {
        listen {vhost_port};
        ssl {ssl_on};
        {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
        {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
        
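Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line assumes the installed nginx knows the `TLSv1.1` and `TLSv1.2` parameters; per the nginx documentation they were added in 1.1.13 / 1.0.12 and only take effect with OpenSSL 1.0.1 or later. On an older nginx the config test would presumably reject the value and the panel vhost would not load, and on an older OpenSSL the list silently reduces to TLSv1. If the installer supports such distributions, it should check the nginx version before writing this line, or at least document the requirement next to it, e.g. `# requires nginx >= 1.0.12 for TLSv1.1/TLSv1.2`. The server block continues outside the hunk.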
server/conf/nginx_vhost.conf.master
@@ -6,6 +6,7 @@
        
<tmpl_if name='ssl_enabled'>
        listen <tmpl_var name='ip_address'>:443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
<tmpl_if name='ipv6_enabled'>
        listen [<tmpl_var name='ipv6_address'>]:443 ssl;
</tmpl_if>
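Review bot: `ssl_protocols` is added inside the per-site server block, but nginx negotiates the protocol version before it selects a server block by name, so as far as I know only the value from the default server of each `ip:443` listen socket is applied. Vhost files generated before this change keep the nginx default until they are rewritten, and if one of them is the default server for an address, SSLv3 stays available for every site on it. I would set `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` once in the `http` block as well, or force a resync of all sites on update. Apache documents the same first-vhost behaviour for `SSLProtocol` with name-based vhosts, so the line added in server/conf/vhost.conf.master is affected too. The server block continues outside the hunk.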
server/conf/vhost.conf.master
@@ -47,7 +47,8 @@
        <IfModule mod_ssl.c>
<tmpl_if name='ssl_enabled'>
    SSLEngine on
        SSLEngine on
        SSLProtocol All -SSLv2 -SSLv3
        SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
        SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
<tmpl_if name='has_bundle_cert'>