From 9b0b16dab6494f2d8d7ba29ea100a7620767f275 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 8 Jan 2025 15:52:28 +0900 Subject: [PATCH] Added additional cipher (DHE-RSA-CHACHA20-POLY1305) for all Apache images --- .../web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf | 4 ++-- .../web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf | 4 ++-- .../web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf | 4 ++-- .../web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf | 4 ++-- .../web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf | 4 ++-- .../web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf | 4 ++-- .../web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf | 4 ++-- .../web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf | 4 ++-- 8 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf index 91b8a7dde..92b08a986 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf @@ -16,8 +16,8 @@ Listen 8443 SSLEngine on # intermediate configuration - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf index 9b1685c7c..43faf0eff 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf @@ -15,8 +15,8 @@ Listen 8443 SSLEngine on # intermediate configuration - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf index 9b1685c7c..43faf0eff 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf @@ -15,8 +15,8 @@ Listen 8443 SSLEngine on # intermediate configuration - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf index b60e34bae..a26afff0a 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf @@ -15,8 +15,8 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so SSLEngine on # intermediate configuration - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf index 91b8a7dde..92b08a986 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf @@ -16,8 +16,8 @@ Listen 8443 SSLEngine on # intermediate configuration - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf index 9b1685c7c..43faf0eff 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf @@ -15,8 +15,8 @@ Listen 8443 SSLEngine on # intermediate configuration - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf index 9b1685c7c..43faf0eff 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf @@ -15,8 +15,8 @@ Listen 8443 SSLEngine on # intermediate configuration - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf index b60e34bae..a26afff0a 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf @@ -15,8 +15,8 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so SSLEngine on # intermediate configuration - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off