19825423 pkg/depot https configuration should disable SSL 2 and 3 s11u2-sru s11u2sru07
authorpanchami.sanjeev@oracle.com
Thu, 08 Jan 2015 14:05:04 +0530
branchs11u2-sru
changeset 3154 cd0e33569551
parent 3144 3c7d193a9571
child 3190 ebc9455aaf57
19825423 pkg/depot https configuration should disable SSL 2 and 3
src/pkg/manifests/package:pkg:depot.p5m
src/setup.py
src/util/apache2/depot/depot_httpd.conf.mako
src/util/apache2/depot/depot_httpd_ssl_protocol.conf
--- a/src/pkg/manifests/package:pkg:depot.p5m	Wed Nov 19 09:58:50 2014 +0530
+++ b/src/pkg/manifests/package:pkg:depot.p5m	Thu Jan 08 14:05:04 2015 +0530
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
 #
 
 set name=pkg.fmri value=pkg:/package/pkg/depot@$(PKGVERS)
@@ -34,6 +34,7 @@
 dir  path=etc/pkg/depot/conf.d
 file path=etc/pkg/depot/depot.conf.mako
 file path=etc/pkg/depot/depot_httpd.conf.mako
+file path=etc/pkg/depot/depot_httpd_ssl_protocol.conf
 file path=etc/pkg/depot/depot_index.py pkg.tmp.autopyc=false
 dir  path=lib
 dir  path=lib/svc
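Review bot: The new `file` action for `depot_httpd_ssl_protocol.conf` carries no `preserve` attribute, although the file's own header tells administrators they may change the default settings. Without it, a site that tightens the protocol list (for example, by dropping more legacy versions) would presumably have its edit flagged by `pkg verify` and replaced when a later update ships a changed copy. If the file is meant to be editable, consider `file path=etc/pkg/depot/depot_httpd_ssl_protocol.conf preserve=renamenew`, so that local hardening survives and new defaults still land next to it. If it is not meant to be edited, the header comment in the file should say so instead.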
--- a/src/setup.py	Wed Nov 19 09:58:50 2014 +0530
+++ b/src/setup.py	Thu Jan 08 14:05:04 2015 +0530
@@ -348,7 +348,7 @@
             os.path.join(web_dir, f) for f in files
             if f != "Makefile"
             ]))
-        # install same set of files in "en/" in "__LOCALE__/ as well" 
+        # install same set of files in "en/" in "__LOCALE__/ as well"
         # for localizable file package (regarding themes, install
         # theme "oracle.com" only)
         if os.path.basename(web_dir) == "en" and \
@@ -394,6 +394,7 @@
         'util/apache2/depot/depot.conf.mako',
         'util/apache2/depot/depot_httpd.conf.mako',
         'util/apache2/depot/depot_index.py',
+        'util/apache2/depot/depot_httpd_ssl_protocol.conf',
         ]
 depot_log_stubs = [
         'util/apache2/depot/logs/access_log',
@@ -935,15 +936,15 @@
             print >> sys.stderr, "--------"
             missing.close()
             print >> sys.stderr, \
-"""Please evaluate whether any of the above file(s) needs localization. 
-If so, please add its name to po/POTFILES.in.  If not (e.g., it's not 
-delivered), please add its name to po/POTFILES.skip. 
+"""Please evaluate whether any of the above file(s) needs localization.
+If so, please add its name to po/POTFILES.in.  If not (e.g., it's not
+delivered), please add its name to po/POTFILES.skip.
 Please be sure to maintain alphabetical ordering in both files."""
             sys.exit(1)
 
         if os.path.exists("po/notexist"):
             print >> sys.stderr, \
-"""The following files are listed in po/POTFILES.in, but no longer exist 
+"""The following files are listed in po/POTFILES.in, but no longer exist
 in the workspace:"""
             notexist = open("po/notexist", "r")
             print >> sys.stderr, "--------"
@@ -1062,7 +1063,7 @@
             else:
                 # not in French part
                 print >> fdst, l,
-        
+
         fsrc.close()
         fdst.close()
 
--- a/src/util/apache2/depot/depot_httpd.conf.mako	Wed Nov 19 09:58:50 2014 +0530
+++ b/src/util/apache2/depot/depot_httpd.conf.mako	Thu Jan 08 14:05:04 2015 +0530
@@ -315,6 +315,7 @@
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
 SSLSessionCache shmcb:${cache_dir}/ssl_scache(512000)
+Include ${template_dir}/depot_httpd_ssl_protocol.conf
 </IfModule>
 
 
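Review bot: The added `Include ${template_dir}/depot_httpd_ssl_protocol.conf` has no comment saying that the SSL/TLS protocol policy now lives in a separate file, and a non-wildcard `Include` of a missing file stops httpd from starting. That fails closed, which is the right outcome, but the dependency should be stated where the operator reads the template, e.g. `# Protocol policy (SSLProtocol) is kept in a separate file; httpd will not start if it is missing.` The opening `<IfModule>` is outside this hunk, so it cannot be confirmed from here whether any later `<VirtualHost>` sets its own `SSLProtocol` that would override the included value. It is worth checking that `${template_dir}` renders to the delivered `etc/pkg/depot` path.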
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/util/apache2/depot/depot_httpd_ssl_protocol.conf	Thu Jan 08 14:05:04 2015 +0530
@@ -0,0 +1,15 @@
+# This configuration file is used to configure the supported SSL
+# protocols.
+# WARNING: Do not delete this file or change its filename.
+#
+# These are the available protocols:
+# SSLv2, SSLV3, TLSv1, TLSv1.1, TLS1.2, All
+#
+# SSLv2 and SSLv3 are disabled by default for security reasons.
+# If you want to change default settings, please refer to the
+# Apache 2.2 documentation:
+# http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol
+#
+
+SSLProtocol All -SSLv2 -SSLv3
+
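Review bot: The "available protocols" comment misspells two tokens: `TLS1.2` is missing the `v`, and `SSLV3` differs in case from the spelling in the linked mod_ssl documentation. An administrator copying `TLS1.2` into the directive would get a configuration error; the line should read `# SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, All`. `SSLProtocol All -SSLv2 -SSLv3` is a deny-list, so what stays enabled depends on the httpd/OpenSSL build. On an older Apache 2.2 build that may be TLSv1 only, which is worth stating in the comment. The header could also warn that re-enabling SSLv3 restores the protocol downgrade exposure this change is meant to close.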