Hello Michael,

sorry, I forgot that. Sent in a second patch...

Best regards,
Peter Müller

> As I thought this isn't based against next...
> 
> On Sun, 2017-11-19 at 15:59 +0000, Michael Tremer wrote:
> > Hi,
> > 
> > I guess this is a simple patch that will merge straight away.
> > 
> > We can sort out the cipher suites later.
> > 
> > -Michael
> > 
> > On Sun, 2017-11-19 at 14:54 +0100, Peter Müller wrote:  
> > > Ensure that Apache never uses SSL compression, which is vulnerable,
> > > and turn off session tickets since the might cause impact to PFS.
> > > 
> > > Reported-by: Wolfgang Apolinarski <wolfgang.apolinarski(a)ipfire.org>
> > > Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> > > ---
> > >  config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 ++
> > >  1 file changed, 2 insertions(+)
> > > 
> > > diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > index d08d3d2bb..53115cfd4 100644
> > > --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
> > > @@ -11,6 +11,8 @@
> > >      SSLProtocol all -SSLv2 -SSLv3
> > >      SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-
> > > POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-
> > > ECDSA-
> > > AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-
> > > RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
> > >      SSLHonorCipherOrder on
> > > +    SSLCompression off
> > > +    SSLSessionTickets off
> > >      SSLCertificateFile /etc/httpd/server.crt
> > >      SSLCertificateKeyFile /etc/httpd/server.key
> > >      SSLCertificateFile /etc/httpd/server-ecdsa.crt