summaryrefslogtreecommitdiffstats
path: root/etc/inc/system.inc
diff options
context:
space:
mode:
Diffstat (limited to 'etc/inc/system.inc')
-rw-r--r--etc/inc/system.inc5
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 2e64099..c55a0c0 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1086,6 +1086,11 @@ EOD;
$lighty_config .= "## ssl configuration\n";
$lighty_config .= "ssl.engine = \"enable\"\n";
$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
+
+ // Harden SSL a bit for PCI conformance testing
+ $lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
+ $lighty_config .= "ssl.cipher-list = \"TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH\"\n";
+
if(!(empty($ca) || (strlen(trim($ca)) == 0)))
$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
}
OpenPOWER on IntegriCloud