From e7aa1c9b7387b0a730e867e2c1b5f78af101097b Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Fri, 28 Aug 2020 10:13:29 +0000
Subject: [PATCH] apache: Drop back to Mozilla intermediate

Looks like our proxies don't support modern settings yet.
---
 roles/apache/files/ssl.conf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/roles/apache/files/ssl.conf b/roles/apache/files/ssl.conf
index a35a845..ff0b186 100644
--- a/roles/apache/files/ssl.conf
+++ b/roles/apache/files/ssl.conf
@@ -7,8 +7,9 @@ Listen 443
-# Use Mozilla recommended modern ciphers
-SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
+# Use Mozilla recommended intermediate settings
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 SSLHonorCipherOrder off
 SSLSessionTickets off
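Review bot: The new `SSLCipherSuite` line adds two DHE-RSA suites (`DHE-RSA-AES128-GCM-SHA256`, `DHE-RSA-AES256-GCM-SHA384`), but nothing visible in this hunk fixes the Diffie-Hellman group the server will offer for them. Mozilla's intermediate profile pairs this cipher list with the 2048-bit ffdhe2048 group, so confirm that the certificate file (configured outside this hunk) carries those parameters, or that the deployed httpd/OpenSSL build selects a group of at least 2048 bits on its own. Dropping `-TLSv1.2` from `SSLProtocol` is what re-enables TLS 1.2, and the comment would be more useful if it recorded that and the reason, e.g. `# Mozilla intermediate profile (TLS 1.2 and later): our proxies do not support the modern profile yet; switch back once they do`. The rest of ssl.conf lies outside the hunk, so any later `SSLProtocol` or `SSLCipherSuite` override in a virtual host is not visible here.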