movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-27 03:26:50 +03:00
Code Activity

nixos/httpd: add options sslCiphers & sslProtocols

Browse source
This commit is contained in:
Aaron Andersen 2019-01-09 11:30:19 -05:00
parent 43d4f07bf1
commit fd5a88687c
1 changed files with 15 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

17
nixos/modules/services/web-servers/apache-httpd/default.nix
View file

@ -187,8 +187,8 @@ let
SSLRandomSeed startup builtin SSLRandomSeed startup builtin
SSLRandomSeed connect builtin SSLRandomSeed connect builtin
SSLProtocol All -SSLv2 -SSLv3 SSLProtocol ${mainCfg.sslProtocols}
SSLCipherSuite HIGH:!aNULL:!MD5:!EXP SSLCipherSuite ${mainCfg.sslCiphers}
SSLHonorCipherOrder on SSLHonorCipherOrder on
''; '';
@ -630,6 +630,19 @@ in
description = description =
"Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited"; "Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
}; };
sslCiphers = mkOption {
type = types.str;
default = "HIGH:!aNULL:!MD5:!EXP";
description = "Cipher Suite available for negotiation in SSL proxy handshake.";
};
sslProtocols = mkOption {
type = types.str;
default = "All -SSLv2 -SSLv3";
example = "All -SSLv2 -SSLv3 -TLSv1";
description = "Allowed SSL/TLS protocol versions.";
};
} }
# Include the options shared between the main server and virtual hosts. # Include the options shared between the main server and virtual hosts.