As I thought this isn't based against next... On Sun, 2017-11-19 at 15:59 +0000, Michael Tremer wrote: > Hi, > > I guess this is a simple patch that will merge straight away. > > We can sort out the cipher suites later. > > -Michael > > On Sun, 2017-11-19 at 14:54 +0100, Peter Müller wrote: > > Ensure that Apache never uses SSL compression, which is vulnerable, > > and turn off session tickets since they might cause impact to PFS. > > > > Reported-by: Wolfgang Apolinarski > > Signed-off-by: Peter Müller > > --- > > config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf > > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf > > index d08d3d2bb..53115cfd4 100644 > > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf > > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf > > @@ -11,6 +11,8 @@ > > SSLProtocol all -SSLv2 -SSLv3 > > SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20- > > POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE- > > ECDSA- > > AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE- > > RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256 > > SSLHonorCipherOrder on > > + SSLCompression off > > + SSLSessionTickets off > > SSLCertificateFile /etc/httpd/server.crt > > SSLCertificateKeyFile /etc/httpd/server.key > > SSLCertificateFile /etc/httpd/server-ecdsa.crt
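
Review bot: the two lines added after `SSLHonorCipherOrder on` carry no comment, so the reason for them exists only in the commit message, and that message is vague ("which is vulnerable", "might cause impact to PFS"). Suggest a one-line comment above `SSLCompression off` and `SSLSessionTickets off` in ipfire-interface-ssl.conf, and a commit message that names the compression attack being mitigated (CRIME) and states that tickets are turned off because the ticket encryption key outlives individual sessions. The diffstat touches only this one file, so any other TLS vhost under config/httpd/vhosts.d/ would need the same two directives. As the reply at the top of the thread notes, the patch is not based on next, so it needs a rebase before it can be merged.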