Hi all,
Below is a script that, via the Event Hooks plugin, will allow you to modify the default SSLCipherSuite setting whenever a new SSL certificate is installed. As always, feel free to tweak it to suit your purposes!
Thanks!
Code:
#!/bin/bash
#
# INSTALLATION:
#
# First, ensure the InterWorx CLI is installed via 'yum install interworx-cli'
#
# Install this script at /usr/local/bin/custom_cipher_suite.sh
#
# Enable the Event Hooks plugin in NodeWorx.
# Add the following line to your InterWorx Event Hook Configuration:
#
# Ctrl_Siteworx_Ssl install /usr/local/bin/custom_cipher_suite.sh
#
# Ensure that this file *and* the Event Hook config are both readable
# and executable by the iworx user:
#
# chmod 0770 /usr/local/bin/custom_cipher_suite.sh
# chown iworx /usr/local/bin/custom_cipher_suite.sh
#
# In order for this script to run successfully, the iworx user
# must be added to the sudoers file. This can be done as follows:
#
# Run 'visudo'
# Append these lines:
#
# %iworx ALL=(ALL) NOPASSWD:SETENV: /bin/bash -p /usr/local/bin/custom_cipher_suite.sh
# Defaults:%iworx !requiretty
#
# Save and exit visudo
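# The event hook passes the affected domain in $iw_working_domain; stop without it.
if [[ -z "$iw_working_domain" ]]; then
    exit 1
fi

# Not root yet: re-run this script through sudo (matching the sudoers rule
# above), keep the environment with -E, and pass on sudo's exit status.
if [[ "$(id -u)" != "0" ]]; then
    self="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/$(basename "$0")"
    sudo -E /bin/bash -p "$self"
    exit $?
fi

file="/etc/httpd/conf.d/vhost_$iw_working_domain.conf"
oldcipher="RC4:HIGH:MEDIUM:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW"
newcipher="[YOUR CUSTOM CIPHERSUITE HERE]"

# Swap the default cipher list for the custom one in this domain's vhost file.
sed -i "s/SSLCipherSuite $oldcipher/SSLCipherSuite $newcipher/g" "$file"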
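
The script above runs as root on a domain name taken from the environment (`sudo -E`), so the root-side step can check its inputs and keep a backup before rewriting the vhost file. This is an added example, not part of the original post; the function names, the `VHOST_DIR` override and the allowed character sets are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post); all helper names are hypothetical.

# Accept only hostname-shaped values: letters, digits, dots and hyphens.
# Anything with a slash, "..", a leading dot or a leading hyphen is refused.
valid_domain() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
    return 0
}

# Accept only characters assumed here to be enough for an OpenSSL cipher
# list. None of them is special to sed, so the value cannot alter the
# substitution expression.
valid_cipher_list() {
    case "$1" in
        ""|*[!A-Za-z0-9:!+@=_-]*) return 1 ;;
    esac
    return 0
}

# Print the vhost file path for a domain, or fail if the name is not valid.
# VHOST_DIR is an assumed override so the function can be tried outside /etc.
vhost_file_for() {
    valid_domain "$1" || return 1
    printf '%s/vhost_%s.conf\n' "${VHOST_DIR:-/etc/httpd/conf.d}" "$1"
}

# replace_cipher_suite FILE OLD NEW
# Returns 0 when the directive was replaced, 1 on bad input or a missing
# file, 2 when "SSLCipherSuite OLD" is not in FILE (nothing is written).
replace_cipher_suite() {
    local file="$1" old="$2" new="$3"
    [ -f "$file" ] || return 1
    valid_cipher_list "$old" || return 1
    valid_cipher_list "$new" || return 1
    grep -qF -- "SSLCipherSuite $old" "$file" || return 2
    # Keep the previous config next to the file, then rewrite from the backup
    # so the original file keeps its owner and permissions.
    cp -p -- "$file" "$file.bak" || return 1
    sed "s|SSLCipherSuite $old|SSLCipherSuite $new|g" "$file.bak" > "$file"
}
```

In the hook, `file="$(vhost_file_for "$iw_working_domain")" || exit 1` followed by `replace_cipher_suite "$file" "$oldcipher" "$newcipher"` would take the place of the final `sed -i` line.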