author | Seth Mos <seth.mos@dds.nl> | 2011-04-28 11:33:48 +0200 |
---|---|---|
committer | Seth Mos <seth.mos@dds.nl> | 2011-04-28 11:33:48 +0200 |
commit | fcdc894353c77f527c209bbb966c71b7ea20dd13 (patch) | |
tree | 9a92684249810a9f00b659ef877a1f641fa99134 /etc/inc/system.inc | |
parent | 753bd64dffb8352ea273c1bf1f00aa099ec38634 (diff) | |
parent | 1dfb77950b9cc50158292b4590f22bd186ab6448 (diff) | |
Merge remote branch 'upstream/master'
Conflicts:
etc/inc/pfsense-utils.inc
Diffstat (limited to 'etc/inc/system.inc')
-rw-r--r-- | etc/inc/system.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 7e55730..a4acb22 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1181,6 +1181,11 @@ EOD;
 $lighty_config .= "## ssl configuration\n";
 $lighty_config .= "ssl.engine = \"enable\"\n";
 $lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
+
+ // Harden SSL a bit for PCI conformance testing
+ $lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
+ $lighty_config .= "ssl.cipher-list = \"TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH\"\n";
+
 if(!(empty($ca) || (strlen(trim($ca)) == 0)))
 $lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
 }
@@ -1291,7 +1296,7 @@ function system_ntp_configure() {
 exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");
 // Note that we are starting up
- exec("echo 'OpenNTPD is starting up' >> {$g['varlog_path']}/ntpd.log");
+ log_error("OpenNTPD is starting up.");
 } |
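Review bot: The new `ssl.cipher-list` still admits RC4 through its `RC4+MEDIUM` term, and the hunk switches off only SSLv2, so SSLv3 stays negotiable as far as these lines show. RC4 is a weak stream cipher that RFC 7465 later prohibited in TLS; if it is kept on purpose for clients of the time, the comment above it should say so, otherwise the term can be dropped: `$lighty_config .= "ssl.cipher-list = \"TLSv1+HIGH !SSLv2 !aNULL !eNULL !3DES @STRENGTH\"\n";`. Where the bundled lighttpd supports them, `ssl.use-sslv3 = "disable"` and `ssl.honor-cipher-order = "enable"` belong next to it, because `@STRENGTH` only sorts the server's list and does not by itself make the server's order win over the client's. The enclosing function is not visible in the hunk, so whether these options are set elsewhere cannot be told from here.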
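Review bot: `log_error("OpenNTPD is starting up.")` runs unconditionally after the `exec()` of ntpd, whose output and exit status are discarded, so the system log records a start even when the daemon could not be launched. Capturing the status keeps the log truthful: `exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf", $out, $rc);` followed by `if ($rc != 0) log_error("OpenNTPD failed to start (exit {$rc}).");`. The message also no longer lands in ntpd.log, so anything that reads that file for the startup marker should be checked; no such reader is visible here. system_ntp_configure() begins before the hunk.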