From b9a3ef486ebcde18a5ade37865ff8f397185d24f Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sun, 24 Jul 2016 05:30:59 -0400
Subject: [PATCH] Fixed #3979 Mailbox users unable to save autoresponders

---
 install/tpl/apache_ispconfig.vhost.master |   25 ++++++++++++++++++-------
 1 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index 7dce3c7..8aa41fa 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -62,26 +62,37 @@
 
   # SSL Configuration
   <tmpl_var name="ssl_comment">SSLEngine On
+  <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3
+  <tmpl_else>
   <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
+  </tmpl_if>
   <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
   <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
   <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
 
-  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
+  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
   <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+  <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
+  <tmpl_var name="ssl_comment">SSLCompression Off
+  </tmpl_if>
+  <tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
+  <tmpl_var name="ssl_comment">SSLSessionTickets Off
+  </tmpl_if>
 
   <IfModule mod_headers.c>
     Header always add Strict-Transport-Security "max-age=15768000"
+	RequestHeader unset Proxy early
   </IfModule>
 
-<tmpl_if name='apache_version' op='>=' value='1.4' format='version'>
-<tmpl_var name="ssl_comment">SSLUseStapling on
-<tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
-<tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors off
-</tmpl_if>
+  <tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
+  <tmpl_var name="ssl_comment">SSLUseStapling On
+  <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
+  <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
+  </tmpl_if>
 </VirtualHost>
 
-<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
 <IfModule mod_ssl.c>
   <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
 </IfModule>

--
Gitblit v1.9.1