diff options
| author | Nick Bebout <nb@lockbox01.phx2.fedoraproject.org> | 2014-10-21 00:07:37 +0000 |
|---|---|---|
| committer | Nick Bebout <nb@lockbox01.phx2.fedoraproject.org> | 2014-10-21 00:07:37 +0000 |
| commit | 499ab100c9695cc8ba6314e60b771e4d5342baea (patch) | |
| tree | ac43e84112ac216f61278fd5994d5f708e9914e6 /roles/keyserver | |
| parent | 585752e8cbbc03b0f54a2a6c9d64d0dd630735eb (diff) | |
| download | ansible-499ab100c9695cc8ba6314e60b771e4d5342baea.tar.gz ansible-499ab100c9695cc8ba6314e60b771e4d5342baea.tar.xz ansible-499ab100c9695cc8ba6314e60b771e4d5342baea.zip | |
Finish SSL changes for sks
Diffstat (limited to 'roles/keyserver')
| -rw-r--r-- | roles/keyserver/files/sks.conf | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/roles/keyserver/files/sks.conf b/roles/keyserver/files/sks.conf index 3e83e4dbd..bc359b381 100644 --- a/roles/keyserver/files/sks.conf +++ b/roles/keyserver/files/sks.conf @@ -48,13 +48,15 @@ NameVirtualHost *:443 <VirtualHost *:443> ServerAdmin sysadmin-keys-members@fedoraproject.org ServerName keys.fedoraproject.org - ServerAlias keys01.fedoraproject.org + ServerAlias keys02.fedoraproject.org SSLEngine on SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + ProxyPass / http://localhost:11371/ ProxyPassReverse / http://localhost:11371/ SetEnv proxy-nokeepalive 1 @@ -70,6 +72,8 @@ NameVirtualHost *:443 SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + ProxyPass / http://localhost:11371/ ProxyPassReverse / http://localhost:11371/ SetEnv proxy-nokeepalive 1 |