Remove sslv2 if the apache version is >= 2.3.16

1 files changed, 5 insertions, 1 deletions

diff --git a/ssl-config-generator/index.html b/ssl-config-generator/index.html
index 136e367..1103ada 100644
--- a/ssl-config-generator/index.html
+++ b/ssl-config-generator/index.html
@@ -187,6 +187,9 @@ frontend ft_test
                         data.hsts = '\n    # HSTS (mod_headers is required) (15768000 seconds = 6 months)' + '\n' +
                             '    Header always add Strict-Transport-Security "max-age=15768000"';
                     }
+                    if (isSemVer(data.serverVersion, '>=2.3.16')) {
+                    	data.sslProtocols = data.sslProtocols.replace(' -SSLv2','');
+                    }
                     break;
                 case "haproxy":
                     // http://www.haproxy.org/download/1.5/doc/configuration.txt
@@ -235,10 +238,10 @@ frontend ft_test
                     server: $("div#server-list input:radio:checked").val(),
                     securityProfile: $("div#security-profile-list input:radio:checked").val()
                 };
+                
                 var source = $("#" + data.server + "-template").html();
                 var template = Handlebars.compile(source);
                 data.visibility = "visible"; 
-                jQuery.extend(data, getVersionConstrainedDirectives(data));
                 jQuery.extend(data, {
                     sslProtocols: sslProtocols[data.securityProfile][data.server],
                     cipherSuites: cipherSuites[data.securityProfile],
@@ -250,6 +253,7 @@ frontend ft_test
                         profile: $("div#security-profile-list input:radio:checked").val()
                     })
                 });
+                jQuery.extend(data, getVersionConstrainedDirectives(data));
 
                 if (isOpenSSLSemVer(data.opensslVersion, "<1.0.1") && data.securityProfile == "modern") {
                 	$("#security-profile-list input#intermediate").prop( "checked", true );