Hi Thomas,
Apache configuration directives go either directly in
/usr/local/pf/conf/httpd.conf.d/httpd.portal or in an included file such as
/usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf.
If you add you directives in there (conf/httpd.conf.d/ssl-certificates.conf)
they should not be overwritten when you upgrade.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2014-04-10, at 20:13 , Thomas Tsai <[email protected]> wrote:
> Where in the PF config can I control what SSLProtocols I am allowing? I do
> not want to allow SSLv2.
>
> If this was a plain vanilla apache install, I would go into
> /etc/httpd/conf.d/ssl.conf and modify the following lines:
>
> SSLProtocol -ALL +SSLv3 +TLSv1 -SSLv2
> SSLHonorCipherOrder On
> SSLCipherSuite
> ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
>
> By searching around, I saw that the ciphersuite in PF is controlled by
> /usr/local/pf/conf/httpd.conf.d/httpd.portal to disable weak ciphers
>
> …but I still don’t see where I can change the protocol? PF v4.1 – any
> suggestions?
>
> **********************************************
> Email Disclaimer:
>
> This email, including attachments, may contain
> proprietary, confidential or privileged information. If you
> are not the intended recipient, please (i) do not use,
> disclose, save or retransmit this message or any
> attachments, (ii) alert the sender by reply email and (iii)
> destroy or delete this message and any attachments.
> Delivery of this email to a person other than the intended
> recipient(s) shall not constitute a waiver of privilege or
> confidentiality.
>
> CP Investments, member FINRA and SIPC, serves as
> placement agent for certain investment products advised by
> Canyon Capital Advisors LLC. CP Investments does not act as
> a placement agent in any jurisdiction other than the U.S.
> This email is not intended to be an offer to sell or a
> solicitation of an offer to buy any security in any
> jurisdiction. We review and retain electronic communications
> traveling through our network.
>
> **********************************************
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
