Merge remote branch 'upstream/master'

Conflicts: etc/inc/pfsense-utils.inc
author: Seth Mos <seth.mos@dds.nl> 2011-04-28 11:33:48 +0200
committer: Seth Mos <seth.mos@dds.nl> 2011-04-28 11:33:48 +0200
commit: fcdc894353c77f527c209bbb966c71b7ea20dd13 (patch)
tree: 9a92684249810a9f00b659ef877a1f641fa99134 /etc/inc/system.inc
parent: 753bd64dffb8352ea273c1bf1f00aa099ec38634 (diff)
parent: 1dfb77950b9cc50158292b4590f22bd186ab6448 (diff)
download: pfsense-fcdc894353c77f527c209bbb966c71b7ea20dd13.zip
pfsense-fcdc894353c77f527c209bbb966c71b7ea20dd13.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 7e55730..a4acb22 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1181,6 +1181,11 @@ EOD;
 		$lighty_config .= "## ssl configuration\n";
 		$lighty_config .= "ssl.engine = \"enable\"\n";
 		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
+
+		// Harden SSL a bit for PCI conformance testing
+		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
+		$lighty_config .= "ssl.cipher-list = \"TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH\"\n";
+
 		if(!(empty($ca) || (strlen(trim($ca)) == 0)))
 			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
 	}
@@ -1291,7 +1296,7 @@ function system_ntp_configure() {
 	exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");
 	
 	// Note that we are starting up
-	exec("echo 'OpenNTPD is starting up' >> {$g['varlog_path']}/ntpd.log");
+	log_error("OpenNTPD is starting up.");
 
 }
author	Seth Mos <seth.mos@dds.nl>	2011-04-28 11:33:48 +0200
committer	Seth Mos <seth.mos@dds.nl>	2011-04-28 11:33:48 +0200
commit	fcdc894353c77f527c209bbb966c71b7ea20dd13 (patch)
tree	9a92684249810a9f00b659ef877a1f641fa99134 /etc/inc/system.inc
parent	753bd64dffb8352ea273c1bf1f00aa099ec38634 (diff)
parent	1dfb77950b9cc50158292b4590f22bd186ab6448 (diff)
download	pfsense-fcdc894353c77f527c209bbb966c71b7ea20dd13.zip pfsense-fcdc894353c77f527c209bbb966c71b7ea20dd13.tar.gz