From 01aece3a7551a0919a36fb27c6ceadeac4fccfc6 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@codethink.co.uk>
Date: Tue, 26 Jan 2016 11:36:42 +0000
Subject: lighttpd: Improve SSL configuration

Change-Id: I65e3386d5aec31a8bb8a02191b15ecc38ee33f43
---
 ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf
index be51358..7215a63 100644
--- a/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf
+++ b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf
@@ -21,6 +21,9 @@ $SERVER["socket"] == ":443" {
   ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
 {% if TROVE_SSL_CA_FILE is defined %}  ssl.ca-file = "/etc/lighttpd/certs/ca-certs.pem"
 {% endif %}
+  ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
+  ssl.use-sslv2 = "disable"
+  ssl.use-sslv3 = "disable"
 }
 
 index-file.names = ("index.html")
-- 
cgit v1.2.1