From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/3] prefer ECDSA over RSA and remove clutter
Date: Wed, 11 Oct 2017 21:42:00 +0200
Message-ID: <20171011214200.439132b6.peter.mueller@link38.eu>
In-Reply-To: <1507749513.2995.11.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7582881872751515833=="
List-Id: <development.lists.ipfire.org>

--===============7582881872751515833==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Michael,

puh! Was quite hard to encourage git... :-)

I think this one is missing: "[PATCH] redirect to TLS WebUI if authorisation =
required"

Best regards,
Peter M=C3=BCller
> Yay, finally this worked :) All merged!
>=20
> -Michael
>=20
> On Wed, 2017-10-11 at 19:24 +0200, Peter M=C3=BCller wrote:
> > Priorize ECDSA before RSA and remove unused cipher suites.
> > Remove redundant OpenSSL directives to make SSL configuration more readab=
le.
> >=20
> > Signed-off-by: Peter M=C3=BCller <peter.mueller(a)link38.eu>
> > ---
> >  config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >=20
> > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/htt=
pd/vhosts.d/ipfire-interface-ssl.conf
> > index 816b9e637..995c28e52 100644
> > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > @@ -9,7 +9,7 @@
> >      TransferLog /var/log/httpd/access_log
> >      SSLEngine on
> >      SSLProtocol all -SSLv2 -SSLv3
> > -    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SH=
A256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128=
-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECD=
HE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-=
AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES2=
56-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA=
-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256=
-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
> > +    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA2=
56:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SH=
A384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA2=
56:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:E=
CDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SH=
A:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA
> >      SSLHonorCipherOrder on
> >      SSLCertificateFile /etc/httpd/server.crt
> >      SSLCertificateKeyFile /etc/httpd/server.key =20


--===============7582881872751515833==--