From f9d2d601adf62cc08ed745695bb79b1ee7ad4e2e Mon Sep 17 00:00:00 2001
From: Sven Göthel <sgothel@jausoft.com>
Date: Sun, 2 Jun 2024 20:01:49 +0200
Subject: apache ssl setting update

---
 .../etc/apache2/sites-available/jogamp_org-ssl.conf           | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf
index 4eb3f11..58656b2 100644
--- a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf
+++ b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf
@@ -47,7 +47,8 @@ SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
     #   SSL Protocol support:
     # List the enable protocol levels with which clients will be able to
     # connect.  Disable SSLv2 access by default:
-    SSLProtocol all -SSLv2
+    # SSLProtocol all -SSLv2
+    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 
     #   SSL Cipher Suite:
     # List the ciphers that the client is permitted to negotiate.
@@ -81,8 +82,8 @@ SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
 	# SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
 	# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 
-    SSLCertificateFile /etc/ssl/local/jogamp2022a.org.crt.pem
-    SSLCertificateKeyFile /etc/ssl/local/jogamp2022a.org.key.apache.pem
+    SSLCertificateFile /etc/ssl/local/jogamp2025a.org.crt.pem
+    SSLCertificateKeyFile /etc/ssl/local/jogamp2025a.org.key.apache.pem
 
 	#   Server Certificate Chain:
 	#   Point SSLCertificateChainFile at a file containing the
@@ -95,7 +96,9 @@ SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
 
     #SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem
     #SSLCertificateChainFile /etc/ssl/local/thawte-ca-cert3-20151105.pem
-    SSLCertificateChainFile /etc/ssl/local/thawte-ca-cert4-20171102.pem
+    #SSLCertificateChainFile /etc/ssl/local/thawte-ca-cert4-20171102.pem
+    #SSLCertificateChainFile /etc/ssl/local/thawte-ca-cert5-20181102.pem
+    SSLCertificateChainFile /etc/ssl/local/jogamp2025a.org.ca.pem
 
 	#   Certificate Authority (CA):
 	#   Set the CA certificate verification path where to find CA
-- 
cgit v1.2.3