From a63d202b440a1ea91b28d349cb3e8d7d78a0d869 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Elan=20Ruusam=C3=A4e?= <glen@delfi.ee>
Date: Mon, 29 Feb 2016 10:14:31 +0200
Subject: [PATCH] better https defaults

---
 pound.cfg | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pound.cfg b/pound.cfg
index 65785f0..f058d33 100644
--- a/pound.cfg
+++ b/pound.cfg
@@ -35,6 +35,13 @@ ListenHTTPS
 	Address 0.0.0.0
 	Port 443
 	Cert "/etc/pki/pound.pem"
+
+	Disable SSLv3
+	SSLAllowClientRenegotiation 0
+	SSLHonorCipherOrder 1
+	Ciphers "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+	AddHeader  "HTTPS: on"
+	RewriteLocation 0
 End
 
 Service
-- 
2.44.0