Diffstat (limited to 'modules/apache')
-rw-r--r--modules/apache/templates/01_default_ssl_vhost.conf8
-rw-r--r--modules/apache/templates/vhost_ssl.conf3
2 files changed, 8 insertions, 3 deletions
diff --git a/modules/apache/templates/01_default_ssl_vhost.conf b/modules/apache/templates/01_default_ssl_vhost.conf
index d2aa9f94..c9cdcfcd 100644
--- a/modules/apache/templates/01_default_ssl_vhost.conf
+++ b/modules/apache/templates/01_default_ssl_vhost.conf
@@ -29,12 +29,14 @@ SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+SSLHonorCipherOrder On
+SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
+
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
-# connect. Disable SSLv2 access by default:
-SSLProtocol all -SSLv2
+# connect. Disable SSLv2/v3 access by default:
+SSLProtocol ALL -SSLv2 -SSLv3
<%- if wildcard_sslcert == 'true' then -%>
SSLCertificateFile /etc/ssl/wildcard.<%= domain %>.crt
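Review bot: The new `SSLCipherSuite` list still offers `ECDH+3DES`, `DH+3DES` and `RSA+3DES`, and `SSLProtocol ALL -SSLv2 -SSLv3` leaves TLS 1.0 and 1.1 enabled; the same two lines are added to vhost_ssl.conf. 3DES is a 64-bit block cipher and is the weakest entry left in the list, so if the client base allows it I would drop the three `*+3DES` entries and tighten the protocol line to `SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`. The strength of the `DH+…` suites depends on the DH parameters the installed mod_ssl uses, which this template does not show, so that is worth checking on the target hosts. A short comment above the cipher line, for example `# 3DES and RSA key exchange kept for legacy clients; remove when no longer needed`, would tell the next reviewer why those entries are there.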
diff --git a/modules/apache/templates/vhost_ssl.conf b/modules/apache/templates/vhost_ssl.conf
index a26d2509..e39e6820 100644
--- a/modules/apache/templates/vhost_ssl.conf
+++ b/modules/apache/templates/vhost_ssl.conf
@@ -1,4 +1,7 @@
SSLEngine on
+ SSLProtocol ALL -SSLv2 -SSLv3
+ SSLHonorCipherOrder On
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
<%- if wildcard_sslcert == 'true' then -%>
SSLCertificateFile /etc/ssl/wildcard.<%= domain %>.crt
SSLCertificateKeyFile /etc/ssl/wildcard.<%= domain %>.key
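Review bot: The three added directives are a verbatim copy of the ones in 01_default_ssl_vhost.conf, so the two templates can drift apart the next time the TLS policy changes. `SSLProtocol`, `SSLHonorCipherOrder` and `SSLCipherSuite` are all valid in the server config context, so they could be set once in the global mod_ssl configuration and inherited by every vhost. Failing that, a comment such as `# TLS policy: keep identical to 01_default_ssl_vhost.conf` above the block would mark the coupling. Depending on the Apache and OpenSSL versions in use, the `SSLProtocol` of a name-based vhost may be taken from the first vhost on the same IP:port rather than from this block, which is another reason to keep a single definition.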