diff options
| author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2016-01-26 11:36:42 +0000 |
|---|---|---|
| committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2016-01-26 12:11:38 +0000 |
| commit | 01aece3a7551a0919a36fb27c6ceadeac4fccfc6 (patch) | |
| tree | b1b0c288c3cdb7d50c7c5f2c22ce1572d6758056 | |
| parent | eca82164d36504fb4dad9b6e0d62eef11d2a4aaf (diff) | |
| download | trove-setup-01aece3a7551a0919a36fb27c6ceadeac4fccfc6.tar.gz | |
lighttpd: Improve SSL configuration
Change-Id: I65e3386d5aec31a8bb8a02191b15ecc38ee33f43
| -rw-r--r-- | ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf index be51358..7215a63 100644 --- a/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf +++ b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf @@ -21,6 +21,9 @@ $SERVER["socket"] == ":443" { ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" {% if TROVE_SSL_CA_FILE is defined %} ssl.ca-file = "/etc/lighttpd/certs/ca-certs.pem" {% endif %} + ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" + ssl.use-sslv2 = "disable" + ssl.use-sslv3 = "disable" } index-file.names = ("index.html") |