From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH 2/3] add ECDSA certificate and key files to Apache configuration Date: Mon, 04 Sep 2017 20:22:48 +0200 Message-ID: <20170904202248.6b2b914f.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1790884897405135204==" List-Id: --===============1790884897405135204== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Make Apache use the ECDSA certificate and key, too. Depends on PATCH 1/3 and on PATCH 3/3 in case of existing installations. Signed-off-by: Peter M=C3=BCller --- diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/v= hosts.d/ipfire-interface-ssl.conf index 6f353962e..1af6b5ff1 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -9,10 +9,12 @@ TransferLog /var/log/httpd/access_log SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:E= CDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384= :ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:E= CDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE= -RSA-AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CA= MELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA SSLHonorCipherOrder on SSLCertificateFile /etc/httpd/server.crt SSLCertificateKeyFile /etc/httpd/server.key + SSLCertificateFile /etc/httpd/server-ecdsa.crt + SSLCertiticateKeyFile /etc/httpd/server-ecdsa.key =20 Options ExecCGI --===============1790884897405135204==--