From 97ec269838d7bd74693d243e45484ec9c761f6e8 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)" <d00p@froxlor.org>
Date: Mon, 27 Oct 2014 11:46:28 +0100
Subject: [PATCH] set explicit sslprotocol to react to poodle attack stuff

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
---
 scripts/jobs/cron_tasks.inc.http.10.apache.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php
index b3159e41..036961cd 100644
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -317,6 +317,7 @@ class apache {
 
 					if ($row_ipsandports['ssl_cert_file'] != '') {
 						$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
+						$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
 						// this makes it more secure, thx to Marcel (08/2013)
 						$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
 						$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
@@ -708,6 +709,7 @@ class apache {
 
 			if ($domain['ssl_cert_file'] != '') {
 				$vhost_content .= '  SSLEngine On' . "\n";
+				$vhost_content .= '  SSLProtocol ALL -SSLv2 -SSLv3' . "\n";
 				// this makes it more secure, thx to Marcel (08/2013)
 				$vhost_content .= '  SSLHonorCipherOrder On' . "\n";
 				$vhost_content .= '  SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";