authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-03-09 14:09:43 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-03-09 14:18:12 +0100
commit8cb3e3b864f5c7fc09d84cbb57461aef236f5864 (patch)
tree20a614cf08e12155e947d240da2a27694b835154 /nixos/modules/services/web-servers/apache-httpd/default.nix
parent7b2adc0039e9eb3668cefdf8c4143a15e88e3807 (diff)
httpd: Disable insecure protocols/ciphers by default
This makes us resistant to FREAK and similar attacks.
Diffstat (limited to 'nixos/modules/services/web-servers/apache-httpd/default.nix')
-rw-r--r--nixos/modules/services/web-servers/apache-httpd/default.nix3
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
index 6a830827fd7..2b5cba68d45 100644
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -171,6 +171,9 @@ let
 
     SSLRandomSeed startup builtin
     SSLRandomSeed connect builtin
+
+    SSLProtocol All -SSLv2 -SSLv3
+    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!EXP
   '';
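Review bot: The `MEDIUM` class on the added `SSLCipherSuite` line can still admit RC4 on OpenSSL builds that class it as medium strength (this depends on the linked OpenSSL version), and without `SSLHonorCipherOrder on` the client's preference picks the suite, so a weaker suite may be negotiated even when a stronger one is available. I would change the line to `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!EXP:!RC4` and add `SSLHonorCipherOrder on` below it. `SSLProtocol All -SSLv2 -SSLv3` is a deny-list, so TLS 1.0 stays enabled and whatever `All` covers in a later mod_ssl is accepted automatically; a config comment such as `# SSLv2 and SSLv3 are disabled; TLS 1.0 and later remain enabled` would record the intent. The enclosing string and `let` block start outside the hunk, so I cannot tell whether these values are exposed through a module option; if they are not, an administrator can only override them through extra configuration appended later.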