|
|
|
84 |
# SSLProtocol |
85 |
# This directive can be used to control the SSL protocol flavors mod_ssl should use when |
86 |
# establishing its server environment. |
87 |
# Clients then can only connect with one of the provided protocols. |
88 |
# Default: SSLProtocol all -SSLv2 -SSLv3 |
89 |
# SSLv3 |
90 |
# This is the Secure Sockets Layer (SSL) protocol, version 3.0, from the Netscape Corporation. |
91 |
# It is the successor to SSLv2 and the predecessor to TLSv1. It's supported by almost all browsers. |
92 |
# Setting UCR variable apache2/ssl/v3 to "True" enables SSLv3 (default: disabled) |
93 |
# TLSv1 |
94 |
# Transport Layer Security (TLS) protocol, version 1.0. |
95 |
# It is the successor to SSLv3 and is defined in RFC 2246. |
96 |
# Setting UCR variable apache2/ssl/tlsv1 to "False" disables TLSv1 (default: enabled) |
97 |
# TLSv1.1 |
98 |
# A revision of the TLS 1.0 protocol, as defined in RFC 4346. |
99 |
# Setting UCR variable apache2/ssl/tlsv11 to "False" disables TLSv1.1 (default:enabled) |
100 |
# TLSv1.2 |
101 |
# A revision of the TLS 1.0 protocol, as defined in RFC 5246. |
102 |
# Setting UCR variable apache2/ssl/tlsv12 to "False" disables TLSv1.2 (default:enabled) |
|
|
|
107 |
if configRegistry.get('apache2/ssl/tlsv1'): |
108 |
if configRegistry.is_false('apache2/ssl/tlsv1'): |
109 |
protocol += ' -TLSv1' |
110 |
if configRegistry.get('apache2/ssl/tlsv11'): |
111 |
if configRegistry.is_false('apache2/ssl/tlsv11'): |
112 |
protocol += ' -TLSv1.1' |
113 |
if configRegistry.get('apache2/ssl/tlsv12'): |
114 |
if configRegistry.is_false('apache2/ssl/tlsv12'): |
115 |
protocol += ' -TLSv1.2' |