From 6bfec9dc40313fe8001ea6a72cc7323bf3bd2ae3 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Mon, 19 Aug 2013 11:20:39 +0200 Subject: [PATCH] adding cipher-order to ssl-vhosts when using apache, thx to Marcel Signed-off-by: Michael Kaufmann (d00p) --- scripts/jobs/cron_tasks.inc.http.10.apache.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 0167044e..4b654f6e 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -311,6 +311,9 @@ class apache if ($row_ipsandports['ssl_cert_file'] != '') { $this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n"; + // this makes it more secure, thx to Marcel (08/2013) + $this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n"; + $this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH' . "\n"; $this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n"; if ($row_ipsandports['ssl_key_file'] != '') { @@ -648,6 +651,9 @@ class apache if ($domain['ssl_cert_file'] != '') { $vhost_content .= ' SSLEngine On' . "\n"; + // this makes it more secure, thx to Marcel (08/2013) + $vhost_content .= ' SSLHonorCipherOrder On' . "\n"; + $vhost_content .= ' SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH' . "\n"; $vhost_content .= ' SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n"; if ($domain['ssl_key_file'] != '') {
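Review bot: The added `SSLCipherSuite` line in both hunks (the ip/port vhost at -311 and the domain vhost at -648) lists `RC4` ahead of `HIGH`, so with `SSLHonorCipherOrder On` the server picks RC4 over every stronger suite for any client that does not negotiate one of the first two entries. This looks like a BEAST-era trade-off, but RC4 has known keystream biases, so I would exclude it instead, e.g. `SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH`. `!EDH` also removes the DHE suites, which leaves clients without ECDHE support on non-forward-secret key exchange; if that is deliberate, the comment should say so rather than `this makes it more secure`. The same literal is pasted twice, so a single variable or setting for the cipher list would keep the two vhost writers from drifting apart. Both enclosing methods start and end outside the hunks.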