From: Hanno Böck <hanno@gentoo.org>
Date: Fri, 19 Dec 2014 03:09:45 +0000 (+0100)
Subject: Disable deprecated SSLv3 (POODLE fix)
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/4c87577cb2b3d35abd3c833c88ad18ddcd64b3b0

Disable deprecated SSLv3 (POODLE fix)
---

diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index 60059837b..2a9bbb11e 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -7,7 +7,7 @@ server {
     ssl_certificate      /etc/ssl/certs/<%= @certificate %>.pem;
     ssl_certificate_key  /etc/ssl/private/<%= @certificate %>.key;
 
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5;
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:30m;