From d85994c9ebcee956c51eac8283d90b42ed94e75c Mon Sep 17 00:00:00 2001
From: CSoellinger <dev@csoellinger.at>
Date: Sun, 04 Oct 2015 09:42:07 -0400
Subject: [PATCH] Updatet ispconfig.vhost tpl inside installer with new SSL Options - SSLCipherSuite - SSLHonorCipherOrder - Header always add Strict-Transport-Security - SSLUseStapling - SSLStaplingResponderTimeout - SSLStaplingReturnResponderErrors - SSLStaplingCache
---
install/tpl/apache_ispconfig.vhost.master | 18 ++++++++++++++++++
1 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index 3619e16..e7a2eaa 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -68,8 +68,26 @@
<tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
<tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
+ <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:E$
+ <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+
+ <IfModule mod_headers.c>
+ Header always add Strict-Transport-Security "max-age=15768000"
+ </IfModule>
+
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+ <tmpl_var name="ssl_comment">SSLUseStapling on
+ <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
+ <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors off
+</tmpl_if>
</VirtualHost>
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<IfModule mod_ssl.c>
+ <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>
+
<Directory /var/www/php-cgi-scripts>
AllowOverride None
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
--
Gitblit v1.9.1