From 57d10e7d4c254192f02004559f8a7a77f917903d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Thu, 25 Oct 2018 13:50:36 +0200 Subject: [PATCH] - up to 2.4.37; enable TLSv1.3 and disable 1.0/1.1 --- apache-mod_ssl.conf | 4 ++-- apache.spec | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf index 5fdfa7e..7f0b259 100644 --- a/apache-mod_ssl.conf +++ b/apache-mod_ssl.conf @@ -64,12 +64,12 @@ SSLSessionCacheTimeout 300 # This directive can be used to control the SSL protocol flavors mod_ssl # should use when establishing its server environment. Clients then can only # connect with one of the provided protocols. -SSLProtocol all -SSLv2 -SSLv3 +SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA +SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:TLSv1.3 SSLHonorCipherOrder on diff --git a/apache.spec b/apache.spec index 85b9dc9..9bc7a81 100644 --- a/apache.spec +++ b/apache.spec @@ -21,7 +21,7 @@ # this is internal macro, don't change to %%apache_modules_api %define _apache_modules_api 20120211 -%define openssl_ver 1.0.2 +%define openssl_ver 1.1.1 %define apr_ver 1:1.6.0 %define apr_util_ver 1:1.6.0 @@ -35,12 +35,12 @@ Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW Summary(ru.UTF-8): Самый популярный веб-сервер Summary(tr.UTF-8): Lider WWW tarayıcı Name: apache -Version: 2.4.35 -Release: 2 +Version: 2.4.37 +Release: 1 License: Apache v2.0 Group: Networking/Daemons/HTTP Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 -# Source0-md5: 30c1cde80ffe814a8d16b4fdffda330a +# Source0-md5: 6a36e742180ee74bff97b28eee90c3f7 Source1: %{name}.init Source2: %{name}.logrotate Source3: %{name}.sysconfig -- 2.44.0