
Revision 0d443728

Added by Renato Botelho over 10 years ago

Explicitly disable ssl.use-compression in lighty config. It should fix #4230

View differences:

etc/inc/system.inc
1464 1464
		// where ssl.cipher-list is set, this is automatically enabled, but set it explicitly anyway.
1465 1465
		$lighty_config .= "ssl.honor-cipher-order = \"enable\"\n";
1466 1466

  
1467
		// Explicit disable compression to mitigate CRIME attack
1468
		$lighty_config .= "ssl.use-compression = \"disable\"\n";
1469

  
1467 1470
		$lighty_config .= "ssl.cipher-list = \"AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS\"\n";
1468 1471

  
1469 1472
		if (!(empty($ca) || (strlen(trim($ca)) == 0))) {
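Review bot: The new lines at 1467-1469 are inserted between ssl.honor-cipher-order (1465) and ssl.cipher-list (now 1470), which splits the pair that the comment at 1464 ties together ("where ssl.cipher-list is set, this is automatically enabled"). Consider moving the ssl.use-compression block below the ssl.cipher-list line, or above the 1464 comment, so that comment stays next to both settings it describes. The added comment would also read better as "Explicitly disable TLS compression to mitigate the CRIME attack (#4230)", which makes clear that this is TLS-level compression and links the line to the ticket named in the commit message.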
