author | John Wiegley <johnw@newartisans.com> | 2019-01-23 19:27:17 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-23 19:27:17 -0800 |
commit | 0305c55888b1327e6c0485c8fdea4c738284a781 (patch) | |
tree | be21dbb27bc24ff6be63d1e4d3f89f843655edbc /nixos | |
parent | 0abf1810668ec8df0321156b0675519610513100 (diff) | |
parent | fd5a88687c8a0e032d9c8f5000d12d0e31994193 (diff) | |
Merge pull request #53702 from aanderse/apache-ssl-opt
nixos/httpd: add options sslCiphers & sslProtocols
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 73607c6f9a3..2d6ed853074 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -187,8 +187,8 @@ let SSLRandomSeed startup builtin SSLRandomSeed connect builtin - SSLProtocol All -SSLv2 -SSLv3 - SSLCipherSuite HIGH:!aNULL:!MD5:!EXP + SSLProtocol ${mainCfg.sslProtocols} + SSLCipherSuite ${mainCfg.sslCiphers} SSLHonorCipherOrder on ''; @@ -630,6 +630,19 @@ in description = "Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited"; }; + + sslCiphers = mkOption { + type = types.str; + default = "HIGH:!aNULL:!MD5:!EXP"; + description = "Cipher Suite available for negotiation in SSL proxy handshake."; + }; + + sslProtocols = mkOption { + type = types.str; + default = "All -SSLv2 -SSLv3"; + example = "All -SSLv2 -SSLv3 -TLSv1"; + description = "Allowed SSL/TLS protocol versions."; + }; } # Include the options shared between the main server and virtual hosts. |
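Review bot: The interpolations `${mainCfg.sslProtocols}` and `${mainCfg.sslCiphers}` are spliced into the generated httpd configuration verbatim, and the second hunk declares both options as plain `types.str`. A value containing a newline would therefore become extra directives in the global SSL block, and an empty value produces a directive with no argument that is presumably only rejected when httpd parses the file. Restricting the type to non-empty single-line strings would move that failure to evaluation time, for example `type = types.strMatching "[^\n]+";` on both options, if `strMatching` is available in this tree. The enclosing string and `let` binding start and end outside the hunk.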
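Review bot: The `sslCiphers` description, "Cipher Suite available for negotiation in SSL proxy handshake.", reads like Apache's wording for the proxy-side cipher directive, but the first hunk feeds this option into `SSLCipherSuite`, which governs handshakes with clients connecting to this server. I would change it to `description = "Cipher suites offered to clients in the TLS handshake (value of the SSLCipherSuite directive).";` and add an `example`, as `sslProtocols` already has. The carried-over default `All -SSLv2 -SSLv3` still appears to leave TLS 1.0 enabled (the example has to subtract `-TLSv1` explicitly). The `sslProtocols` description should say so, so operators know the default is a compatibility setting rather than a hardened one. The option set continues outside the hunk.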