Package: puppet-module-puppetlabs-apache
Version: 1.1.1-1
In my manifest, I have:
class { '::apache’:
apache_version => 2.4,
...
}
class { 'apache::mod::ssl': }
In /etc/apache2/mods-enabled/ssl.conf, one can find:
SSLProtocol all -SSLv2
So SSLv3 is still enabled, as opposed to the default configuration of the
apache2 package, where one can find:
SSLProtocol all -SSLv3
Since there is a general consensus that SSLv3 is weak, it should be disabled by
default, as it is in most Debian packages. The parameter should be changed in
templates/mod/ssl.conf.erb.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
