[packages/lighttpd] Deprecated TLS options have been removed.
glen
glen at pld-linux.org
Mon Feb 13 23:49:31 CET 2023
commit 00b558aab9e9d6f61ded2644bfcdeaaa74b49195
Author: Elan Ruusamäe <glen at pld-linux.org>
Date: Tue Feb 14 00:48:07 2023 +0200
Deprecated TLS options have been removed.
- ssl.honor-cipher-order
- ssl.dh-file
- ssl.ec-curve
- ssl.disable-client-renegotiation
- ssl.use-sslv2
- ssl.use-sslv3
See https://wiki.lighttpd.net/Docs_SSL for replacements with
`ssl.openssl.ssl-conf-cmd`, but prefer lighttpd defaults instead.
ssl.conf | 11 -----------
1 file changed, 11 deletions(-)
---
diff --git a/ssl.conf b/ssl.conf
index 15bfb6a..692860c 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -9,7 +9,6 @@
$SERVER["socket"] == ":443" {
protocol = "https://"
ssl.engine = "enable"
- ssl.disable-client-renegotiation = "enable"
# ssl.pemfile: path to the PEM file for SSL support
# (Should contain both the private key and the certificate)
@@ -19,12 +18,6 @@ $SERVER["socket"] == ":443" {
# ssl.ca-file: path to the CA file for support of chained certificates
# ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
- # for DH/DHE ciphers, dhparam should be >= 2048-bit
- # Generate with:
- # openssl dhparam -out dh2048.pem -outform PEM -2 2048
-# ssl.dh-file = "/etc/lighttpd/ssl/dhparam.pem"
- # ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
-# ssl.ec-curve = "secp384r1"
# Compression is by default off at compile-time, but use if needed
# ssl.use-compression = "disable"
@@ -36,12 +29,8 @@ $SERVER["socket"] == ":443" {
# https://ssl-config.mozilla.org/#server=lighttpd&server-version=1.4.54&config=intermediate
# intermediate configuration, tweak to your needs
#
- ssl.use-sslv2 = "disable"
- ssl.use-sslv3 = "disable"
- # intermediate configuration, tweak to your needs
ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1")
ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
- ssl.honor-cipher-order = "disable"
# HTTP Strict Transport Security (63072000 seconds
# setenv.add-response-header = (
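Review bot: The retained `ssl.cipher-list` line still pins an explicit cipher string, including two DHE-RSA suites, even though this commit drops the `ssl.dh-file` guidance and its message says to prefer lighttpd defaults. The Docs_SSL page linked in the commit message appears to list `ssl.cipher-list` as deprecated as well, with `"CipherString"` in `ssl.openssl.ssl-conf-cmd` as the replacement, so either drop the line or fold it into the existing ssl-conf-cmd list. Deleting `ssl.honor-cipher-order = "disable"` also returns cipher ordering to lighttpd's default, which I believe is server preference. If client preference was intended, as the Mozilla intermediate profile referenced above suggests, state it explicitly, e.g. `ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2", "Options" => "-ServerPreference")`. The `$SERVER["socket"]` block continues outside this hunk, so confirm the final behaviour against the full file.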
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/lighttpd.git/commitdiff/00b558aab9e9d6f61ded2644bfcdeaaa74b49195