Implemented: FS#3706 - disable SSLv3 to protect servers agains POODLE attack.

Till Brehm · Till Brehm · commit 53124ed9dc52 · 2014-10-16T16:37:35.000+02:00
diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
@@ -63,6 +63,7 @@ NameVirtualHost *:<tmpl_var name="vhost_port">
 
   # SSL Configuration
   <tmpl_var name="ssl_comment">SSLEngine On
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
   <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
   <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
   <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
diff --git a/install/tpl/nginx_ispconfig.vhost.master b/install/tpl/nginx_ispconfig.vhost.master
@@ -1,6 +1,7 @@
 server {
         listen {vhost_port};
 		ssl {ssl_on};
+		{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
         {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
 		
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
@@ -6,6 +6,7 @@ server {
 		
 <tmpl_if name='ssl_enabled'>
         listen <tmpl_var name='ip_address'>:443 ssl;
+		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 <tmpl_if name='ipv6_enabled'>
         listen [<tmpl_var name='ipv6_address'>]:443 ssl;
 </tmpl_if>
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
@@ -47,7 +47,8 @@
 
 		<IfModule mod_ssl.c>
 <tmpl_if name='ssl_enabled'>
-	SSLEngine on
+		SSLEngine on
+		SSLProtocol All -SSLv2 -SSLv3
 		SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
 		SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
 <tmpl_if name='has_bundle_cert'>
