Revert "no SSLv3 damn it"
authorAaron Kaplan <aaron@lo-res.org>
Fri, 17 Oct 2014 12:21:05 +0000 (14:21 +0200)
committerAaron Kaplan <aaron@lo-res.org>
Fri, 17 Oct 2014 12:21:05 +0000 (14:21 +0200)
This reverts commit a4fed6e2245d31aca055f599617902a8a2deb2f4.

src/configuration/Webservers/lighttpd/10-ssl-dh.conf
src/configuration/Webservers/lighttpd/10-ssl.conf

index 6c55494..b1a64d6 100644 (file)
@@ -6,7 +6,7 @@ $SERVER["socket"] == "0.0.0.0:443" {
        ssl.use-sslv3 = "disable"
        ssl.pemfile = "/etc/lighttpd/server.pem"
 
-       ssl.cipher-list = "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
+       ssl.cipher-list = "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
        ssl.honor-cipher-order = "enable"
     # use group16 dh parameters
        ssl.dh-file = "/etc/lighttpd/ssl/dh4096.pem"
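Review bot: The restored `+SSLv3` term in `ssl.cipher-list` has no comment explaining it, and next to `ssl.use-sslv3 = "disable"` it reads as if SSLv3 were being switched back on. In an OpenSSL cipher string `SSLv3` selects cipher suites by the protocol version that introduced them, not the protocol itself, so `!SSLv3` also removes the SHA-1 suites that TLS 1.0 and 1.1 clients negotiate; that is presumably the reason for the revert, though the commit message does not say. I would add above the line `# +SSLv3 only moves SSLv3-era cipher suites to the end of the list; the SSLv3 protocol is disabled by ssl.use-sslv3 above`. The same comment applies to the identical line in 10-ssl.conf, and the enclosing `$SERVER["socket"]` block starts and ends outside this hunk.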
index da98238..5e4a7b8 100644 (file)
@@ -6,9 +6,9 @@ $SERVER["socket"] == "0.0.0.0:443" {
        ssl.use-sslv3 = "disable"
        ssl.pemfile = "/etc/lighttpd/server.pem"
 
-       ssl.cipher-list = "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
+       ssl.cipher-list = "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
        ssl.honor-cipher-order = "enable"
        setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=15768000") # six months
        # use this only if all subdomains support HTTPS!
        # setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=15768000; includeSubDomains")
-}
+}
\ No newline at end of file
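Review bot: In the `ssl.cipher-list` value on the added line, `!aNULL!eNULL` lacks the `:` separator that every other term has. How OpenSSL tokenises that run is not obvious from the string, so the exclusion of unauthenticated and null-encryption suites is better written as `!aNULL:!eNULL`; the same string appears in 10-ssl-dh.conf. The closing `}` is also rewritten without a final newline, which is worth restoring so that later diffs of this file stay clean.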