From a6bf8d2d59c25a10c31fe8686b9dc19153a6bdb3 Mon Sep 17 00:00:00 2001
From: Trevor Batley <trevor@batley.id.au>
Date: Wed, 30 Aug 2023 14:51:36 +1000
Subject: [PATCH] tweak httpd ssl cipher params

---
 koji-setup/deploy-koji.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/koji-setup/deploy-koji.sh b/koji-setup/deploy-koji.sh
index 97dab6b..86d5e89 100755
--- a/koji-setup/deploy-koji.sh
+++ b/koji-setup/deploy-koji.sh
@@ -284,9 +284,9 @@ SSLRandomSeed connect builtin
     LogLevel warn
 
     SSLEngine on
-    SSLProtocol -all +TLSv1.2
-    SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!DH:!SHA1
     SSLHonorCipherOrder on
+    SSLCipherSuite PROFILE=SYSTEM
+    SSLProxyCipherSuite PROFILE=SYSTEM
 
     SSLCertificateFile $KOJI_PKI_DIR/kojihub.pem
     SSLCertificateKeyFile $KOJI_PKI_DIR/private/kojihub.key