packages: lighttpd/lighttpd-ssl.conf - mitigate against BEAST attacks, see...
glen
glen at pld-linux.org
Mon Dec 19 15:40:55 CET 2011
Author: glen Date: Mon Dec 19 14:40:55 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- mitigate against BEAST attacks, see https://redmine.lighttpd.net/issues/2364
---- Files affected:
packages/lighttpd:
lighttpd-ssl.conf (1.3 -> 1.4)
---- Diffs:
================================================================
Index: packages/lighttpd/lighttpd-ssl.conf
diff -u packages/lighttpd/lighttpd-ssl.conf:1.3 packages/lighttpd/lighttpd-ssl.conf:1.4
--- packages/lighttpd/lighttpd-ssl.conf:1.3 Fri Sep 18 11:05:10 2009
+++ packages/lighttpd/lighttpd-ssl.conf Mon Dec 19 15:40:50 2011
@@ -2,6 +2,10 @@
#
# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:SSL
+# mitigate against BEAST attacks
+# http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+#ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/lighttpd/lighttpd-ssl.conf?r1=1.3&r2=1.4&f=u
More information about the pld-cvs-commit
mailing list