Allowed SSL Protocols was updated against internal endpoints.
Change-Id: Ibe48faa4c9b690b733a37cfdca70eb52c4416082
Related-PROD: PROD-27271
(cherry picked from commit ff9457f3e2e6a8049380db17978a5e65c2cd4458)
diff --git a/apache/server/ssl.yml b/apache/server/ssl.yml
index b720d5d..a4eedbf 100644
--- a/apache/server/ssl.yml
+++ b/apache/server/ssl.yml
@@ -16,19 +16,25 @@
excludeSSLv3:
name: '-SSLv3'
enabled: True
+ excludeTLSv1:
+ name: '-TLSv1'
+ enabled: True
+ excludeTLSv1.1:
+ name: '-TLSv1.1'
+ enabled: True
ciphers:
ECDHE-ECDSA-CHACHA20-POLY1305:
name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
- enabled: True
+ enabled: False
ECDHE-RSA-CHACHA20-POLY1305:
name: 'ECDHE-RSA-CHACHA20-POLY1305'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-GCM-SHA256:
name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
ECDHE-RSA-AES128-GCM-SHA256:
name: 'ECDHE-RSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES256-GCM-SHA384:
name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
enabled: True
@@ -37,76 +43,76 @@
enabled: True
DHE-RSA-AES128-GCM-SHA256:
name: 'DHE-RSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES256-GCM-SHA384:
name: 'DHE-RSA-AES256-GCM-SHA384'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-SHA256:
name: 'ECDHE-ECDSA-AES128-SHA256'
- enabled: True
+ enabled: False
ECDHE-RSA-AES128-SHA256:
name: 'ECDHE-RSA-AES128-SHA256'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-SHA:
name: 'ECDHE-ECDSA-AES128-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-AES256-SHA384:
name: 'ECDHE-RSA-AES256-SHA384'
enabled: True
ECDHE-RSA-AES128-SHA:
name: 'ECDHE-RSA-AES128-SHA'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES256-SHA384:
name: 'ECDHE-ECDSA-AES256-SHA384'
enabled: True
ECDHE-ECDSA-AES256-SHA:
name: 'ECDHE-ECDSA-AES256-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-AES256-SHA:
name: 'ECDHE-RSA-AES256-SHA'
- enabled: True
+ enabled: False
DHE-RSA-AES128-SHA256:
name: 'DHE-RSA-AES128-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES128-SHA:
name: 'DHE-RSA-AES128-SHA'
- enabled: True
+ enabled: False
DHE-RSA-AES256-SHA256:
name: 'DHE-RSA-AES256-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES256-SHA:
name: 'DHE-RSA-AES256-SHA'
- enabled: True
+ enabled: False
ECDHE-ECDSA-DES-CBC3-SHA:
name: 'ECDHE-ECDSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-DES-CBC3-SHA:
name: 'ECDHE-RSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
EDH-RSA-DES-CBC3-SHA:
name: 'EDH-RSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
AES128-GCM-SHA256:
name: 'AES128-GCM-SHA256'
- enabled: True
+ enabled: False
AES256-GCM-SHA384:
name: 'AES256-GCM-SHA384'
- enabled: True
+ enabled: False
AES128-SHA256:
name: 'AES128-SHA256'
- enabled: True
+ enabled: False
AES256-SHA256:
name: 'AES256-SHA256'
- enabled: True
+ enabled: False
AES256-SHA:
name: 'AES256-SHA'
- enabled: True
+ enabled: False
AES128-SHA:
name: 'AES128-SHA'
- enabled: True
+ enabled: False
DES-CBC3-SHA:
name: 'DES-CBC3-SHA'
- enabled: True
+ enabled: False
removeDSS:
name: '!DSS'
- enabled: True
\ No newline at end of file
+ enabled: True