maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

set explicit sslprotocol to react to poodle attack stuff (nginx)

Browse Source
This commit is contained in:
Frank Gehann
2014-10-30 14:57:04 +01:00
parent c63fa7ec97
commit 29d755433f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -531,7 +531,7 @@ class nginx {
if ($domain['ssl_cert_file'] != '') {
// obsolete: ssl on now belongs to the listen block as 'ssl' at the end
//$sslsettings .= "\t" . 'ssl on;' . "\n";
$sslsettings .= "\t" . 'ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;' . "\n";
$sslsettings .= "\t" . 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' . "\n";
$sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
$sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain['ssl_cert_file']) . ';' . "\n";