Merge pull request #98 from zn/patch

Updated checking version of Apache and hide unsupported directive
author: Julien Vehent <jvehent@users.noreply.github.com> 2015-11-19 09:03:27 -0500
committer: Julien Vehent <jvehent@users.noreply.github.com> 2015-11-19 09:03:27 -0500
commit: ae95c14c0079d479180c579ab3eea9ffe21e81ba (patch)
tree: be60eeed4a1119098bf32a5c852739d780fe3adc
parent: ad4401211f2c57afe76535973bcc0db7441643b7 (diff)
parent: 71c593627462a57e18c242ddc1062a8dedb3f8f6 (diff)
download: server-side-tls-ae95c14c0079d479180c579ab3eea9ffe21e81ba.zip
server-side-tls-ae95c14c0079d479180c579ab3eea9ffe21e81ba.tar.gz
server-side-tls-ae95c14c0079d479180c579ab3eea9ffe21e81ba.tar.bz2
1 files changed, 10 insertions, 4 deletions
diff --git a/ssl-config-generator/index.html b/ssl-config-generator/index.html
index 2502cb7..faf171d 100644
--- a/ssl-config-generator/index.html
+++ b/ssl-config-generator/index.html
@@ -86,8 +86,8 @@ server {
     SSLProtocol             {{sslProtocols}}
     SSLCipherSuite          {{cipherSuites}}
     SSLHonorCipherOrder     on
-{{sslSessionTickets}}
 {{compression}}
+{{sslSessionTickets}}
 {{ocspStapling}}
 {{hsts}}
     ...
@@ -345,7 +345,11 @@ $SERVER["socket"] == ":443" {
                     break;
                 case "apache":
                     // http://httpd.apache.org/docs/current/mod/mod_ssl.html
-                    data.compression = isSemVer(data.serverVersion, ">=2.4.3") ? '    SSLCompression          off' : '';
+                    if (isOpenSSLSemVer(data.opensslVersion, ">=0.9.8")) {
+                        if ((/^2\.2/.test(data.serverVersion) && isSemVer(data.serverVersion, '>=2.2.24')) || isSemVer(data.serverVersion, '>=2.4.3')) {
+                            data.compression = '    SSLCompression          off';
+                        }
+                    }
                     if (isOpenSSLSemVer(data.opensslVersion, ">=0.9.8h") && isSemVer(data.serverVersion, '>=2.3.3')) {
                         data.ocspStapling = '\n    # OCSP Stapling, only in httpd 2.3.3 and later' + '\n' +
                             '    SSLUseStapling          on' + '\n' +
@@ -354,8 +358,10 @@ $SERVER["socket"] == ":443" {
                         data.ocspStaplingCache = 'SSLStaplingCache        shmcb:/var/run/ocsp(128000)' + '\n';
 
                     }
-                    if (isOpenSSLSemVer(data.opensslVersion, ">=0.9.8f") && isSemVer(data.serverVersion, '>=2.2.30')) {
-                        data.sslSessionTickets = '    SSLSessionTickets       off'
+                    if (isOpenSSLSemVer(data.opensslVersion, ">=0.9.8f")) {
+                        if ((/^2\.2/.test(data.serverVersion) && isSemVer(data.serverVersion, '>=2.2.30')) || isSemVer(data.serverVersion, '>=2.4.11')) {
+                            data.sslSessionTickets = '    SSLSessionTickets       off';
+                        }
                     }
                     if (isSemVer(data.serverVersion, '>=2.4.8')) {
                         data.certFile = '    SSLCertificateFile      /path/to/signed_certificate_followed_by_intermediate_certs';
author	Julien Vehent <jvehent@users.noreply.github.com>	2015-11-19 09:03:27 -0500
committer	Julien Vehent <jvehent@users.noreply.github.com>	2015-11-19 09:03:27 -0500
commit	ae95c14c0079d479180c579ab3eea9ffe21e81ba (patch)
tree	be60eeed4a1119098bf32a5c852739d780fe3adc
parent	ad4401211f2c57afe76535973bcc0db7441643b7 (diff)
parent	71c593627462a57e18c242ddc1062a8dedb3f8f6 (diff)
download	server-side-tls-ae95c14c0079d479180c579ab3eea9ffe21e81ba.zip server-side-tls-ae95c14c0079d479180c579ab3eea9ffe21e81ba.tar.gz server-side-tls-ae95c14c0079d479180c579ab3eea9ffe21e81ba.tar.bz2