* Thu Feb 20 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme

- load mod dav and dav_fs by default [SME: 2269]
- regroup multiple mod fragments in less fragments

root/etc/e-smith/db/configuration/defaults/httpd-e-smith/SSLv2

@@ -1 +0,0 @@
-disabled

root/etc/e-smith/db/configuration/migrate/apache

@@ -0,0 +1,5 @@
+{
+ # delete old httpd-e-smith apache properties
+ $DB->get('httpd-e-smith')->delete_prop($_) for ( qw(SSLv2 ) ); 
+
+}

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/20LoadModule15

@@ -1,3 +0,0 @@
-# notify for systemd
-LoadModule systemd_module modules/mod_systemd.so
-

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/20LoadModule50

@@ -4,10 +4,12 @@
 		proxy_http
 		alias
 		rewrite
+		access_compat
                 authn_core
                 authz_core
 		authz_host
 		authz_user
+		authnz_external
                 authn_file
                 authn_anon
                 auth_digest
@@ -15,9 +17,12 @@
                 authz_groupfile
 		authnz_ldap
 		ldap
+		dav
+		dav_fs
 		proxy_wstunnel
                 mpm_prefork
                 socache_dbm
+		systemd
                 unixd
 	    ));
 }

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/20LoadModule60

@@ -1,7 +0,0 @@
-{
-
-    $OUT .= load_modules(qw(
-               access_compat
-    ));
-}
-

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/20LoadModule80

@@ -1,4 +0,0 @@
-
-# Extra Modules
-LoadModule authnz_external_module modules/mod_authnz_external.so
-

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCipherSuite

@@ -1,5 +1,6 @@
-{
+{
-    # When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
+    use esmith::ssl;
-    $OUT  = "SSLCipherSuite ";
+    # When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
-    $OUT .= $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
+    $OUT  = "SSLCipherSuite ";
+    $OUT .= $modSSL{CipherSuite} || $smeCiphers;
 }

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol

@@ -1,9 +1,5 @@
 {
+    use esmith::ssl;
     # Specify which SSL Protocols to accept for this context
-    $OUT .= "SSLProtocol all";
+    $OUT .= "SSLProtocol ". SSLprotoApache() ;
-    $OUT .= " -SSLv2" unless (${'httpd-e-smith'}{'SSLv2'} || 'disabled') eq 'enabled';
-    $OUT .= " -SSLv3" unless (${'httpd-e-smith'}{'SSLv3'} || 'disabled') eq 'enabled';
-    $OUT .= " -TLSv1" unless (${'httpd-e-smith'}{'TLSv1'} || 'disabled') eq 'enabled';
-    $OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv1.1'} || 'disabled') eq 'enabled';
-    $OUT .= " -TLSv1.2" unless (${'httpd-e-smith'}{'TLSv1.2'} || 'enabled') eq 'enabled';
 }

smeserver-apache.spec

@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - apache module
 %define name smeserver-apache
 Name: %{name}
 %define version 11.0.0
-%define release 12
+%define release 14
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -74,6 +74,15 @@ if [ $1 -gt 1 ] ; then
 fi
 
 %changelog
+* Thu Feb 20 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
+- load mod dav and dav_fs by default [SME: 2269]
+- regroup multiple mod fragments in less fragments
+
+* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme
+- use esmith::ssl to set ciphers and protocol [SME: 12821]
+  improve cipher order to get strongers first
+  drop SSLv2
+
 * Thu Jan 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
 - fix OCSP Stapling support [SME: 12819]
 - fix .well-known/security.txt [SME: 12818]