Implemented: FS#3706 - disable SSLv3 to protect servers against POODLE attack.
| | |
| | | |
| | | # SSL Configuration |
| | | <tmpl_var name="ssl_comment">SSLEngine On |
| | | <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3 |
| | | <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt |
| | | <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key |
| | | <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle |
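Review bot: The `SSLProtocol All -SSLv2 -SSLv3` line under `# SSL Configuration` has no comment saying why SSLv3 is excluded, so a later edit to the template could re-enable it unnoticed. I would add `# SSLv3 is disabled because of POODLE (FS#3706); do not re-enable it` directly above the directive. `All` also still leaves TLS 1.0 and 1.1 negotiable for the control-panel interface, which may be worth tightening separately.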
| | |
| | | server { |
| | | listen {vhost_port}; |
| | | ssl {ssl_on}; |
| | | {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| | | {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; |
| | | {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; |
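Review bot: The allow-list `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in this server block keeps TLS 1.0 and 1.1 enabled, both of which have since been deprecated. Unlike the Apache `All -SSLv2 -SSLv3` form, it will also never pick up a newer protocol version without another template change. Where the supported nginx and OpenSSL versions allow it, I would narrow the line to `{ssl_comment}ssl_protocols TLSv1.2 TLSv1.3;`. The same protocol list appears in the `ssl_enabled` block of the site vhost template, and this server block continues past the visible lines.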
| | | |
| | |
| | | |
| | | <tmpl_if name='ssl_enabled'> |
| | | listen <tmpl_var name='ip_address'>:443 ssl; |
| | | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| | | <tmpl_if name='ipv6_enabled'> |
| | | listen [<tmpl_var name='ipv6_address'>]:443 ssl; |
| | | </tmpl_if> |
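Review bot: Setting `ssl_protocols` only inside each site's `ssl_enabled` block may not remove SSLv3 everywhere. As far as I know, nginx takes the protocol list from the default server of a listen address during the handshake, so a vhost sharing `:443` with an older or hand-written default server could still negotiate SSLv3. Consider also setting the directive once at `http` level, and note in the release notes that existing vhosts must be regenerated for the template change to take effect. After deployment, a check such as `openssl s_client -ssl3 -connect HOST:443` (placeholder host, and only where the local OpenSSL build still offers SSLv3) should fail against every served IP.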
| | |
| | | |
| | | <IfModule mod_ssl.c> |
| | | <tmpl_if name='ssl_enabled'> |
| | | SSLEngine on |
| | | SSLEngine on |
| | | SSLProtocol All -SSLv2 -SSLv3 |
| | | SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt |
| | | SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key |
| | | <tmpl_if name='has_bundle_cert'> |