From 5901b6d25ce1b129db7b75c9e14c6f940349b343 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?= <tmakinen@foo.sh>
Date: Wed, 9 May 2012 14:25:20 +0300
Subject: [PATCH] Improved ciphers from apache::sslsite to prevent BEAST
 attacks.

---
 apache/templates/site.https.conf.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apache/templates/site.https.conf.erb b/apache/templates/site.https.conf.erb
index 9cdf161..8ba1343 100644
--- a/apache/templates/site.https.conf.erb
+++ b/apache/templates/site.https.conf.erb
@@ -22,8 +22,8 @@ SSLProtocol all -SSLv2
 #   SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
-
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
+SSLHonorCipherOrder On
+SSLCipherSuite RC4-SHA:HIGH:!ADH
 
 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If