Revision 0d443728
Added by Renato Botelho over 10 years ago
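--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1464,6 +1464,9 @@
 // where ssl.cipher-list is set, this is automatically enabled, but set it explicitly anyway.
 $lighty_config .= "ssl.honor-cipher-order = \"enable\"\n";
 
+// Explicit disable compression to mitigate CRIME attack
+$lighty_config .= "ssl.use-compression = \"disable\"\n";
+
 $lighty_config .= "ssl.cipher-list = \"AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS\"\n";
 
 if (!(empty($ca) || (strlen(trim($ca)) == 0))) {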
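Review bot: The comment added above the `ssl.use-compression` line names CRIME but does not say that the directive only turns off TLS-level compression, so a later reader may assume every compression side channel is closed. HTTP response compression is a separate setting and is not changed here, so I would word it as `// Explicitly disable TLS-level compression (CRIME); HTTP response compression is configured separately and is not affected by this setting.` The enclosing function starts and ends outside this section, so it is not visible whether the line is emitted only in the HTTPS branch; presumably it is, since it sits between the other `ssl.*` directives. A post-upgrade check that the handshake reports no compression (for example `Compression: NONE` in `openssl s_client` output) would confirm the bundled lighttpd honours the option.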
Explicitly disable ssl.use-compression in the lighty config. It should fix #4230