[packages/apache] - up to 2.4.37; enable TLSv1.3 and disable 1.0/1.1

Thu, 25 Oct 2018 04:50:56 -0700 

commit 57d10e7d4c254192f02004559f8a7a77f917903d
Author: Arkadiusz Miśkiewicz <[email protected]>
Date:   Thu Oct 25 13:50:36 2018 +0200

    - up to 2.4.37; enable TLSv1.3 and disable 1.0/1.1

 apache-mod_ssl.conf | 4 ++--
 apache.spec         | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index 85b9dc9..9bc7a81 100644
--- a/apache.spec
+++ b/apache.spec
@@ -21,7 +21,7 @@
 # this is internal macro, don't change to %%apache_modules_api
 %define                _apache_modules_api 20120211
 
-%define                openssl_ver     1.0.2
+%define                openssl_ver     1.1.1
 %define                apr_ver         1:1.6.0
 %define                apr_util_ver    1:1.6.0
 
@@ -35,12 +35,12 @@ Summary(pt_BR.UTF-8):       Servidor HTTPD para prover 
serviços WWW
 Summary(ru.UTF-8):     Самый популярный веб-сервер
 Summary(tr.UTF-8):     Lider WWW tarayıcı
 Name:          apache
-Version:       2.4.35
-Release:       2
+Version:       2.4.37
+Release:       1
 License:       Apache v2.0
 Group:         Networking/Daemons/HTTP
 Source0:       http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5: 30c1cde80ffe814a8d16b4fdffda330a
+# Source0-md5: 6a36e742180ee74bff97b28eee90c3f7
 Source1:       %{name}.init
 Source2:       %{name}.logrotate
 Source3:       %{name}.sysconfig
diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index 5fdfa7e..7f0b259 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -64,12 +64,12 @@ SSLSessionCacheTimeout  300
 #   This directive can be used to control the SSL protocol flavors mod_ssl
 #   should use when establishing its server environment. Clients then can only
 #   connect with one of the provided protocols.
-SSLProtocol all -SSLv2 -SSLv3
+SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:TLSv1.3
 
 SSLHonorCipherOrder on
 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/57d10e7d4c254192f02004559f8a7a77f917903d

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to