[Pkg-puppet-devel] Bug#788127: SSLv3 is not disabled
Simon Van der Linden
simon at vanderlinden.eu.org
Mon Jun 8 20:59:55 UTC 2015
Package: puppet-module-puppetlabs-apache
Version: 1.1.1-1
In my manifest, I have:
class { '::apache':
  apache_version => 2.4,
  ...
}
class { 'apache::mod::ssl': }
In /etc/apache2/mods-enabled/ssl.conf, one can find:
SSLProtocol all -SSLv2
So SSLv3 is still enabled, as opposed to the default configuration of the apache2 package, where one can find:
SSLProtocol all -SSLv3
Since there is a general consensus that SSLv3 is weak, it should be disabled by default, as it is in most Debian packages. The parameter should be changed in templates/mod/ssl.conf.erb.
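
The check described in the report, as an added example (not part of the original message and not code from the puppetlabs-apache module): it evaluates each SSLProtocol line the way mod_ssl reads it, left to right, and reports whether SSLv3 ends up enabled. It assumes Apache 2.4 built against an OpenSSL that still offers SSLv3, so "all" expands to SSLv3 plus TLSv1 through TLSv1.2; the sample file content is constructed from the two directive values quoted above.

```python
import re

# Assumption: what "all" expands to on Apache 2.4 with an OpenSSL that still
# offers SSLv3. SSLv2 is not part of it; Apache 2.4 no longer supports SSLv2.
ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
KNOWN = {p.lower(): p for p in ALL}

DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)


def enabled_protocols(value):
    """Evaluate an SSLProtocol argument left to right (simplified model)."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "sslv2":
            if sign == "-":
                continue  # removing SSLv2 is a no-op: it is never in the set
            raise ValueError("SSLv2 cannot be enabled on Apache 2.4")
        if name == "all":
            selected = set(ALL)
        elif name in KNOWN:
            selected = {KNOWN[name]}
        else:
            raise ValueError("unknown protocol token: %r" % token)
        if sign == "-":
            enabled -= selected
        elif sign == "+":
            enabled |= selected
        else:
            enabled = selected  # a bare token replaces the current set
    return enabled


def audit(conf_text):
    """Return (line_no, value, sslv3_enabled) for every SSLProtocol line."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        match = DIRECTIVE.match(line)  # commented-out lines do not match
        if match:
            value = match.group(1)
            findings.append((no, value, "SSLv3" in enabled_protocols(value)))
    return findings


# Constructed sample: an ssl.conf fragment carrying the value from the report.
SAMPLE = """<IfModule mod_ssl.c>
  # SSLProtocol all -SSLv3
  SSLProtocol all -SSLv2
</IfModule>
"""
```

Running audit() over the rendered ssl.conf after a Puppet run flags any line whose third field is True.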