diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-03-09 14:09:43 +0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-03-09 14:18:12 +0100 |
commit | 8cb3e3b864f5c7fc09d84cbb57461aef236f5864 (patch) | |
tree | 20a614cf08e12155e947d240da2a27694b835154 /nixos/modules/services/web-servers/apache-httpd/default.nix | |
parent | 7b2adc0039e9eb3668cefdf8c4143a15e88e3807 (diff) | |
download | nixpkgs-8cb3e3b864f5c7fc09d84cbb57461aef236f5864.tar nixpkgs-8cb3e3b864f5c7fc09d84cbb57461aef236f5864.tar.gz nixpkgs-8cb3e3b864f5c7fc09d84cbb57461aef236f5864.tar.bz2 nixpkgs-8cb3e3b864f5c7fc09d84cbb57461aef236f5864.tar.lz nixpkgs-8cb3e3b864f5c7fc09d84cbb57461aef236f5864.tar.xz nixpkgs-8cb3e3b864f5c7fc09d84cbb57461aef236f5864.tar.zst nixpkgs-8cb3e3b864f5c7fc09d84cbb57461aef236f5864.zip |
httpd: Disable insecure protocols/ciphers by default
This makes us resistant to FREAK and similar attacks.
Diffstat (limited to 'nixos/modules/services/web-servers/apache-httpd/default.nix')
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 6a830827fd7..2b5cba68d45 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -171,6 +171,9 @@ let SSLRandomSeed startup builtin SSLRandomSeed connect builtin + + SSLProtocol All -SSLv2 -SSLv3 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!EXP ''; |