|
|
|---|
|
|
84 |
# SSLProtocol |
| 85 |
# This directive can be used to control the SSL protocol flavors mod_ssl should use when |
| 86 |
# establishing its server environment. |
| 87 |
# Clients then can only connect with one of the provided protocols. |
| 88 |
# Default: SSLProtocol all -SSLv2 -SSLv3 |
| 89 |
# SSLv3 |
| 90 |
# This is the Secure Sockets Layer (SSL) protocol, version 3.0, from the Netscape Corporation. |
| 91 |
# It is the successor to SSLv2 and the predecessor to TLSv1. It's supported by almost all browsers. |
| 92 |
# Setting UCR variable apache2/ssl/v3 to "True" enables SSLv3 (default: disabled) |
| 93 |
# TLSv1 |
| 94 |
# Transport Layer Security (TLS) protocol, version 1.0. |
| 95 |
# It is the successor to SSLv3 and is defined in RFC 2246. |
| 96 |
# Setting UCR variable apache2/ssl/tlsv1 to "False" disables TLSv1 (default: enabled) |
| 97 |
# TLSv1.1 |
| 98 |
# A revision of the TLS 1.0 protocol, as defined in RFC 4346. |
| 99 |
# Setting UCR variable apache2/ssl/tlsv11 to "False" disables TLSv1.1 (default:enabled) |
| 100 |
# TLSv1.2 |
| 101 |
# A revision of the TLS 1.0 protocol, as defined in RFC 5246. |
| 102 |
# Setting UCR variable apache2/ssl/tlsv12 to "False" disables TLSv1.2 (default:enabled) |
|
|
|---|
|
|
107 |
if configRegistry.get('apache2/ssl/tlsv1'): |
| 108 |
if configRegistry.is_false('apache2/ssl/tlsv1'): |
| 109 |
protocol += ' -TLSv1' |
| 110 |
if configRegistry.get('apache2/ssl/tlsv11'): |
| 111 |
if configRegistry.is_false('apache2/ssl/tlsv11'): |
| 112 |
protocol += ' -TLSv1.1' |
| 113 |
if configRegistry.get('apache2/ssl/tlsv12'): |
| 114 |
if configRegistry.is_false('apache2/ssl/tlsv12'): |
| 115 |
protocol += ' -TLSv1.2' |