certbot

9543 commits 864 branches 155 tags 127 MiB

Author	SHA1	Message	Date
ohemorange	11e402893f	Remove SSLCompression off line from all config options (#7726 ) Based on discussion at https://github.com/certbot/certbot/pull/7712#discussion_r371451761. * Remove SSLCompression off line from all config options * Update changelog	2020-01-29 15:21:17 -08:00
ohemorange	b1a8e7175b	Disable old SSL versions and ciphersuites to follow Mozilla recommendations in Apache (#7712 ) Part of #7204. Makes the smaller changes described at https://github.com/certbot/certbot/issues/7204#issuecomment-571838185 to disable many old ciphersuites and TLS versions < 1.2. Does not add checks for OpenSSL version or modify session tickets. Since Apache uses TLS protocol blacklisting instead of whitelisting (as in NGINX), we additionally may not need to determine if the server supports TLS1.3 and turn it on or off based on Apache version. * Update SSL versions and ciphersuites based on Mozilla intermediate recommendations for apache * Update constants with hashes of new config files * Update changelog	2020-01-24 13:37:42 -08:00
ohemorange	8139689d4c	Make the contents of the apache plugin private (#7579 ) Part of #5775. Tree: ``` certbot-apache/certbot_apache ├── __init__.py ├── _internal │ ├── apache_util.py │ ├── augeas_lens │ │ ├── httpd.aug │ │ └── README │ ├── centos-options-ssl-apache.conf │ ├── configurator.py │ ├── constants.py │ ├── display_ops.py │ ├── entrypoint.py │ ├── http_01.py │ ├── __init__.py │ ├── obj.py │ ├── options-ssl-apache.conf │ ├── override_arch.py │ ├── override_centos.py │ ├── override_darwin.py │ ├── override_debian.py │ ├── override_fedora.py │ ├── override_gentoo.py │ ├── override_suse.py │ └── parser.py └── tests ├── ... ``` * Create _internal folder for certbot_apache * Move apache_util.py to _internal * Move display_ops.py to _internal * Move override_centos.py to _internal * Move override_gentoo.py to _internal * Move override_darwin.py to _internal * Move override_suse.py to _internal * Move override_debian.py to _internal * Move override_fedora.py to _internal * Move override_arch.py to _internal * Move parser.py to _internal * Move obj.py to _internal * Move http_01.py to _internal * Move entrypoint.py to _internal * Move constants.py to _internal * Move configurator.py to _internal * Move augeas_lens to _internal * Move options-ssl-apache.conf files to _internal * move augeas_lens in MANIFEST * Clean up some stray references to certbot_apache that could use _internal * Correct imports and lint	2019-11-25 09:44:40 -08:00

Author

SHA1

Message

Date

ohemorange

11e402893f

Remove SSLCompression off line from all config options (#7726 )

Based on discussion at https://github.com/certbot/certbot/pull/7712#discussion_r371451761.

* Remove SSLCompression off line from all config options

* Update changelog

2020-01-29 15:21:17 -08:00

ohemorange

b1a8e7175b

Disable old SSL versions and ciphersuites to follow Mozilla recommendations in Apache (#7712 )

Part of #7204.

Makes the smaller changes described at https://github.com/certbot/certbot/issues/7204#issuecomment-571838185 to disable many old ciphersuites and TLS versions < 1.2. Does not add checks for OpenSSL version or modify session tickets.

Since Apache uses TLS protocol blacklisting instead of whitelisting (as in NGINX), we additionally may not need to determine if the server supports TLS1.3 and turn it on or off based on Apache version.

* Update SSL versions and ciphersuites based on Mozilla intermediate recommendations for apache

* Update constants with hashes of new config files

* Update changelog

2020-01-24 13:37:42 -08:00

ohemorange

8139689d4c

Make the contents of the apache plugin private (#7579 )

Part of #5775.

Tree:
```
certbot-apache/certbot_apache
├── __init__.py
├── _internal
│   ├── apache_util.py
│   ├── augeas_lens
│   │   ├── httpd.aug
│   │   └── README
│   ├── centos-options-ssl-apache.conf
│   ├── configurator.py
│   ├── constants.py
│   ├── display_ops.py
│   ├── entrypoint.py
│   ├── http_01.py
│   ├── __init__.py
│   ├── obj.py
│   ├── options-ssl-apache.conf
│   ├── override_arch.py
│   ├── override_centos.py
│   ├── override_darwin.py
│   ├── override_debian.py
│   ├── override_fedora.py
│   ├── override_gentoo.py
│   ├── override_suse.py
│   └── parser.py
└── tests
    ├── ...
```

* Create _internal folder for certbot_apache

* Move apache_util.py to _internal

* Move display_ops.py to _internal

* Move override_centos.py to _internal

* Move override_gentoo.py to _internal

* Move override_darwin.py to _internal

* Move override_suse.py to _internal

* Move override_debian.py to _internal

* Move override_fedora.py to _internal

* Move override_arch.py to _internal

* Move parser.py to _internal

* Move obj.py to _internal

* Move http_01.py to _internal

* Move entrypoint.py to _internal

* Move constants.py to _internal

* Move configurator.py to _internal

* Move augeas_lens to _internal

* Move options-ssl-apache.conf files to _internal

* move augeas_lens in MANIFEST

* Clean up some stray references to certbot_apache that could use _internal

* Correct imports and lint

2019-11-25 09:44:40 -08:00

Renamed from certbot-apache/certbot_apache/options-ssl-apache.conf (Browse further)

3 commits