Fixed ssl configuration (removed RC4)

Author: mblaschke

docker/web/httpd/conf/vhost.conf

@@ -104,9 +104,9 @@ CustomLog /proc/self/fd/1 dockerlog
   BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
   ## SSL Hardening
-  SSLProtocol         all -SSLv2 -SSLv3
+  SSLProtocol         All -SSLv2 -SSLv3
   SSLHonorCipherOrder on
-  SSLCipherSuite      "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
   SSLCompression      off
+  SSLCipherSuite      'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
 
 </VirtualHost>

docker/web/nginx/conf/vhost.conf

@@ -50,7 +50,11 @@ server {
     root "<DOCUMENT_ROOT>";
     index <DOCUMENT_INDEX>;
 
-    ssl    on;
+    ssl           on;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
+    ssl_ciphers   'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
+    ssl_prefer_server_ciphers on;
+
     ssl_certificate     /etc/nginx/ssl/server.crt;
     ssl_certificate_key /etc/nginx/ssl/server.key;