[packages/lighttpd] Deprecated TLS options have been removed.

glen glen at pld-linux.org
Mon Feb 13 23:49:31 CET 2023


commit 00b558aab9e9d6f61ded2644bfcdeaaa74b49195
Author: Elan Ruusamäe <glen at pld-linux.org>
Date:   Tue Feb 14 00:48:07 2023 +0200

    Deprecated TLS options have been removed.
    
    - ssl.honor-cipher-order
    - ssl.dh-file
    - ssl.ec-curve
    - ssl.disable-client-renegotiation
    - ssl.use-sslv2
    - ssl.use-sslv3
    
    See https://wiki.lighttpd.net/Docs_SSL for replacements with
    `ssl.openssl.ssl-conf-cmd`, but prefer lighttpd defaults instead.

 ssl.conf | 11 -----------
 1 file changed, 11 deletions(-)
---
diff --git a/ssl.conf b/ssl.conf
index 15bfb6a..692860c 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -9,7 +9,6 @@
 $SERVER["socket"] == ":443" {
 	protocol = "https://"
 	ssl.engine = "enable"
-	ssl.disable-client-renegotiation = "enable"
 
 	# ssl.pemfile: path to the PEM file for SSL support
 	# (Should contain both the private key and the certificate)
@@ -19,12 +18,6 @@ $SERVER["socket"] == ":443" {
 	# ssl.ca-file: path to the CA file for support of chained certificates
 #	ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
 
-	# for DH/DHE ciphers, dhparam should be >= 2048-bit
-	# Generate with:
-	# openssl dhparam -out dh2048.pem -outform PEM -2 2048
-#	ssl.dh-file = "/etc/lighttpd/ssl/dhparam.pem"
-	# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
-#	ssl.ec-curve = "secp384r1"
 	# Compression is by default off at compile-time, but use if needed
 #	ssl.use-compression = "disable"
 
@@ -36,12 +29,8 @@ $SERVER["socket"] == ":443" {
 	# https://ssl-config.mozilla.org/#server=lighttpd&server-version=1.4.54&config=intermediate
 	# intermediate configuration, tweak to your needs
 	#
-	ssl.use-sslv2 = "disable"
-	ssl.use-sslv3 = "disable"
-	# intermediate configuration, tweak to your needs
 	ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1")
 	ssl.cipher-list           = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
-	ssl.honor-cipher-order    = "disable"
 
 	# HTTP Strict Transport Security (63072000 seconds
 	# setenv.add-response-header  = (
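Review bot: `ssl.cipher-list` on the new side still offers `DHE-RSA-AES128-GCM-SHA256` and `DHE-RSA-AES256-GCM-SHA384`, but the previous hunk removes the only guidance on DH parameters (the `>= 2048-bit` comment and the `ssl.dh-file` example). An admin who keeps these suites can no longer see how to supply or size the parameters. I would leave a commented pointer beside the cipher list, e.g. `# DHE suites: ssl.dh-file is gone; set DH parameters (>= 2048-bit) via ssl.openssl.ssl-conf-cmd "DHParameters", see Docs_SSL`, or drop the DHE suites if the lighttpd defaults are meant to apply. Removing `ssl.honor-cipher-order = "disable"` also hands cipher ordering to the lighttpd default, which looks like a behaviour change for existing installs and deserves a line in the comment block above. The `$SERVER["socket"]` block starts and ends outside this hunk.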
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/lighttpd.git/commitdiff/00b558aab9e9d6f61ded2644bfcdeaaa74b49195


