no SSLv3 damn it
[ach-master.git] / src / configuration / Webservers / lighttpd / 10-ssl.conf
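# /usr/share/doc/lighttpd/ssl.txt
#
# TLS settings for the HTTPS listener. The setenv.* directive below only takes
# effect when mod_setenv is loaded in server.modules.

# Only the IPv4 wildcard address is matched here; an IPv6 listener needs its
# own socket block carrying the same ssl.* settings.
$SERVER["socket"] == "0.0.0.0:443" {
        ssl.engine = "enable"

        # Protocol versions are switched off here, not in the cipher list.
        ssl.use-sslv2 = "disable"
        ssl.use-sslv3 = "disable"

        # Typically holds the certificate and the private key in one file, so
        # keep it readable only by root / the lighttpd user.
        ssl.pemfile = "/etc/lighttpd/server.pem"

        # Fixed: a ':' separator was missing between "!aNULL" and "!eNULL".
        # The anonymous and null-encryption exclusions are now two explicit
        # items and no longer depend on how the parser treats a fused token.
        #
        # NOTE(review): in OpenSSL cipher-string syntax "!SSLv3" permanently
        # removes every suite first defined for SSLv3, and those are the same
        # suites TLS 1.0/1.1 clients negotiate. The four *-SHA suites appended
        # at the end can therefore never be re-added, and only TLS 1.2 suites
        # remain. If that is intended, the trailing entries are dead weight.
        # If older TLS clients must connect, drop "!SSLv3" here and rely on
        # ssl.use-sslv3 above to refuse the protocol itself.
        #
        # NOTE(review): the EDH suites use whatever DH parameters the server
        # was given. Consider pointing ssl.dh-file at a locally generated
        # group, as none is configured in this block.
        ssl.cipher-list = "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"

        # Without this the client's preference order wins and the ordering
        # in ssl.cipher-list has no effect on what is negotiated.
        ssl.honor-cipher-order = "enable"

        # HSTS: browsers that have seen this header refuse plain HTTP to this
        # host for max-age seconds (15768000 s = 182.5 days, about six months).
        setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=15768000") # six months
        # use this only if all subdomains support HTTPS!
        # setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=15768000; includeSubDomains")
}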