On Thu, Nov 20, 2014 at 11:10:07PM -0500, Patrick Uiterwijk wrote: > Hi, > > Sorry for the mistake in the previous one: I had specified the name of the cipher, which is not the same as the OpenSSL cipher spec. > Here another patch that does the same but now actually uses the correct cipher spec (and so works). > The only change wrt the previous patch is that the cipher name (TLS_RSA_WITH_AES_256_CBC_SHA) has been replaced with the cipher spec (AES256-SHA). > > > From 1833afa7dd674059a1d1e250a9924315bece044f Mon Sep 17 00:00:00 2001 > From: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > Date: Fri, 21 Nov 2014 04:05:54 +0000 > Subject: [PATCH] Now really enable the correct cipher. > > OpenSSL AES256-SHA = TLS_RSA_WITH_AES_256_CBC_SHA > --- > .../download/files/httpd/dl.fedoraproject.org.conf | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/roles/download/files/httpd/dl.fedoraproject.org.conf b/roles/download/files/httpd/dl.fedoraproject.org.conf > index 7be586c..aaa3872 100644 > --- a/roles/download/files/httpd/dl.fedoraproject.org.conf > +++ b/roles/download/files/httpd/dl.fedoraproject.org.conf > @@ -25,7 +25,7 @@ > # modules/squid/files/squid.conf-el6 too, to keep it in sync. > > SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 > - SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK > + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK > > Include "conf.d/dl.fedoraproject.org/*.conf" > </VirtualHost> > -- +1 Pierre _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
