From patchwork Tue Sep  5 04:22:48 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
X-Patchwork-Id: 1404
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (unknown [172.28.1.200])
	by web02.ipfire.org (Postfix) with ESMTP id 8DBD561AB5
	for <patchwork@ipfire.org>; Mon,  4 Sep 2017 20:23:04 +0200 (CEST)
Received: from mail01.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id 15F962852;
	Mon,  4 Sep 2017 20:23:04 +0200 (CEST)
Received: from mx.link38.eu (mx.link38.eu [188.68.43.123])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPS id 1AFBB284B
	for <development@lists.ipfire.org>;
	Mon,  4 Sep 2017 20:23:00 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mx.link38.eu
Received: from mx-fra.brokers.link38.eu (mx-fra.brokers.link38.eu
	[10.141.75.13])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by mx.link38.eu (Postfix) with ESMTPS id 96FF9410BC
	for <development@lists.ipfire.org>;
	Mon,  4 Sep 2017 20:22:49 +0200 (CEST)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256
	bits)) (Client did not present a certificate)
	by mx-fra.brokers.link38.eu (Postfix) with ESMTPSA id 714859F315
	for <development@lists.ipfire.org>;
	Mon,  4 Sep 2017 20:22:49 +0200 (CEST)
Date: Mon, 4 Sep 2017 20:22:48 +0200
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu>
To: "development@lists.ipfire.org" <development@lists.ipfire.org>
Subject: [PATCH 2/3] add ECDSA certificate and key files to Apache
	configuration
Message-ID: <20170904202248.6b2b914f.peter.mueller@link38.eu>
Organization: Link38
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <http://lists.ipfire.org/mailman/options/development>,
	<mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <http://lists.ipfire.org/mailman/listinfo/development>,
	<mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Make Apache use the ECDSA certificate and key, too.

Depends on PATCH 1/3 and on PATCH 3/3 in case of existing installations.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>

diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index 6f353962e..1af6b5ff1 100644
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -9,10 +9,12 @@
     TransferLog /var/log/httpd/access_log
     SSLEngine on
     SSLProtocol all -SSLv2 -SSLv3
     SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
     SSLHonorCipherOrder on
     SSLCertificateFile /etc/httpd/server.crt
     SSLCertificateKeyFile /etc/httpd/server.key
+    SSLCertificateFile /etc/httpd/server-ecdsa.crt
+    SSLCertiticateKeyFile /etc/httpd/server-ecdsa.key
 
     <Directory /srv/web/ipfire/html>
         Options ExecCGI