Diffstat (limited to 'modules/apache/templates/01_default_ssl_vhost.conf')
-rw-r--r--modules/apache/templates/01_default_ssl_vhost.conf22
1 files changed, 12 insertions, 10 deletions
diff --git a/modules/apache/templates/01_default_ssl_vhost.conf b/modules/apache/templates/01_default_ssl_vhost.conf
index d096c5db..323bf145 100644
--- a/modules/apache/templates/01_default_ssl_vhost.conf
+++ b/modules/apache/templates/01_default_ssl_vhost.conf
@@ -15,7 +15,7 @@
# General setup for the virtual host
DocumentRoot "/var/www/html"
#ServerName localhost:443
-ServerAdmin root@<%= domain %>
+ServerAdmin root@<%= @domain %>
ErrorLog logs/ssl_error_log
<IfModule mod_log_config.c>
@@ -29,21 +29,23 @@ SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+SSLHonorCipherOrder On
+SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
+
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
-# connect. Disable SSLv2 access by default:
-SSLProtocol all -SSLv2
+# connect. Disable SSLv2/v3 access by default:
+SSLProtocol ALL -SSLv2 -SSLv3
-<%- if wildcard_sslcert == 'true' then -%>
-SSLCertificateFile /etc/ssl/wildcard.<%= domain %>.crt
-SSLCertificateKeyFile /etc/ssl/wildcard.<%= domain %>.key
-SSLCACertificateFile /etc/ssl/wildcard.<%= domain %>.pem
+<%- if @wildcard_sslcert == 'true' then -%>
+SSLCertificateFile /etc/ssl/wildcard.<%= @domain %>.crt
+SSLCertificateKeyFile /etc/ssl/wildcard.<%= @domain %>.key
+SSLCACertificateFile /etc/ssl/wildcard.<%= @domain %>.pem
SSLVerifyClient None
<%- else -%>
-SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+SSLCertificateFile /etc/ssl/apache/localhost.pem
+SSLCertificateKeyFile /etc/ssl/apache/localhost.pem
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
<%- end -%>
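Review bot: The new `SSLProtocol ALL -SSLv2 -SSLv3` line still leaves TLS 1.0 and 1.1 enabled, and the new `SSLCipherSuite` keeps three 3DES groups (`ECDH+3DES:DH+3DES:RSA+3DES`), whose 64-bit block size is a known weakness on long-lived connections. If no legacy clients depend on them, consider `SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` and dropping the 3DES entries (or appending `:!3DES`); whether the deployed httpd/OpenSSL builds support TLS 1.2 cannot be seen from this hunk. In the `else` branch, `SSLCertificateFile` and `SSLCertificateKeyFile` now both read `/etc/ssl/apache/localhost.pem`, so the private key sits in the same file as the certificate. A comment such as `# localhost.pem holds cert + private key: keep it root-owned, mode 0600` would make the permission requirement explicit, and separate certificate and key files would be preferable.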