blob: 62607b5a4fbe03c5e6df27188e5ceb493f3d409b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From ce67394ccb7eaf138330c52f9ec5062698efb8aa Mon Sep 17 00:00:00 2001
From: Michael Scherer <mscherer@redhat.com>
Date: Tue, 14 Oct 2014 23:36:21 -0400
Subject: [PATCH] Remove ssl v3, CVE-2014-3566
---
roles/httpd/files/remove_sslv3.conf | 1 +
roles/httpd/tasks/main.yml | 1 +
2 files changed, 2 insertions(+)
create mode 100644 roles/httpd/files/remove_sslv3.conf
diff --git a/roles/httpd/files/remove_sslv3.conf b/roles/httpd/files/remove_sslv3.conf
new file mode 100644
index 0000000..0872cbe
--- /dev/null
+++ b/roles/httpd/files/remove_sslv3.conf
@@ -0,0 +1 @@
+SSLProtocol all -SSLv2 -SSLv3
diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml
index 98d6ade..7dfe89d 100644
--- a/roles/httpd/tasks/main.yml
+++ b/roles/httpd/tasks/main.yml
@@ -11,6 +11,7 @@
with_items:
- name_vhost.conf
- mod_filter.conf
+ - remove_sslv3.conf
notify: restart httpd
- template: src=vhost.conf dest=/etc/httpd/conf.d/{{ website_url }}.conf owner=root group=apache mode=0644
--
1.8.3.1
|
