Merge pull request #53702 from aanderse/apache-ssl-opt

nixos/httpd: add options sslCiphers & sslProtocols
John Wiegley 2019-01-23 19:27:17 -08:00 committed by GitHub
commit 0305c55888
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -187,8 +187,8 @@ let
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!EXP
SSLProtocol ${mainCfg.sslProtocols}
SSLCipherSuite ${mainCfg.sslCiphers}
SSLHonorCipherOrder on
'';
@ -630,6 +630,19 @@ in
description =
"Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
};
sslCiphers = mkOption {
type = types.str;
default = "HIGH:!aNULL:!MD5:!EXP";
description = "Cipher Suite available for negotiation in SSL proxy handshake.";
};
sslProtocols = mkOption {
type = types.str;
default = "All -SSLv2 -SSLv3";
example = "All -SSLv2 -SSLv3 -TLSv1";
description = "Allowed SSL/TLS protocol versions.";
};
}
# Include the options shared between the main server and virtual hosts.
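Review bot: The `sslCiphers` description in the second hunk documents the wrong directive: "Cipher Suite available for negotiation in SSL proxy handshake" is the wording for mod_ssl's `SSLProxyCipherSuite`, while the first hunk interpolates the option into `SSLCipherSuite`, which governs handshakes with clients connecting to this server. I would change it to `description = "Cipher suites offered to clients in the TLS handshake (value of the SSLCipherSuite directive).";` so that an administrator tightening the list knows which side of the connection it affects. The `sslProtocols` default keeps the previous `All -SSLv2 -SSLv3`, which still leaves TLSv1 (and TLSv1.1 where the OpenSSL build offers it) enabled; the description should say so and point to the example as the stricter setting. The option set these definitions belong to starts outside the hunk.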