This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, next has been updated via beb256e0a0a302a8722d082741375336ed4371f8 (commit) via a57f4a9f5d39069032b0f4e64f90fe4330cb6357 (commit) from f574f9ea02430521fafb9f28c3a42d31b68117bb (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit beb256e0a0a302a8722d082741375336ed4371f8 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Nov 20 15:46:53 2017 +0000

core117: Reload apache for change of configuration

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit a57f4a9f5d39069032b0f4e64f90fe4330cb6357 Author: Peter Müller peter.mueller@link38.eu Date: Sun Nov 19 17:24:36 2017 +0100

disable SSL compression and session tickets in Apache

Ensure that Apache never uses SSL compression, which is vulnerable, and turn off session tickets since the might cause impact to PFS.

Based against next, supersedes first version.

Reported-by: Wolfgang Apolinarski wolfgang.apolinarski@ipfire.org Signed-off-by: Peter Müller peter.mueller@link38.eu Signed-off-by: Michael Tremer michael.tremer@ipfire.org

-----------------------------------------------------------------------

Summary of changes: config/httpd/vhosts.d/ipfire-interface-ssl.conf | 2 ++ config/rootfiles/core/117/filelists/files | 1 + config/rootfiles/core/117/update.sh | 1 + 3 files changed, 4 insertions(+)

Difference in files: diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index c9ccd5b..dacf6a0 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -11,6 +11,8 @@ SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA SSLHonorCipherOrder on + SSLCompression off + SSLSessionTickets off SSLCertificateFile /etc/httpd/server.crt SSLCertificateKeyFile /etc/httpd/server.key SSLCertificateFile /etc/httpd/server-ecdsa.crt diff --git a/config/rootfiles/core/117/filelists/files b/config/rootfiles/core/117/filelists/files index dea752c..a29d9ac 100644 --- a/config/rootfiles/core/117/filelists/files +++ b/config/rootfiles/core/117/filelists/files @@ -1,5 +1,6 @@ etc/system-release etc/issue +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf etc/ssl/certs/ca-bundle.crt etc/ssl/certs/ca-bundle.trust.crt opt/pakfire/lib/functions.pl diff --git a/config/rootfiles/core/117/update.sh b/config/rootfiles/core/117/update.sh index a8d83ba..816f7f1 100644 --- a/config/rootfiles/core/117/update.sh +++ b/config/rootfiles/core/117/update.sh @@ -43,6 +43,7 @@ ldconfig #/usr/local/bin/update-lang-cache

# Start services +/etc/init.d/apache reload

# This update need a reboot... #touch /var/run/need_reboot

hooks/post-receive -- IPFire 2.x development tree