Revision 38b3fab7
Added by Chris Buechler about 10 years ago
etc/inc/system.inc | ||
---|---|---|
1344 | 1344 |
// where ssl.cipher-list is set, this is automatically enabled, but set it explicitly anyway. |
1345 | 1345 |
$lighty_config .= "ssl.honor-cipher-order = \"enable\"\n"; |
1346 | 1346 |
|
1347 |
// Explicit disable compression to mitigate CRIME attack |
|
1348 |
$lighty_config .= "ssl.use-compression = \"disable\"\n"; |
|
1349 |
|
|
1350 | 1347 |
$lighty_config .= "ssl.cipher-list = \"AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS\"\n"; |
1351 | 1348 |
|
1352 | 1349 |
if(!(empty($ca) || (strlen(trim($ca)) == 0))) |
Also available in: Unified diff
use-compression is no longer a valid config option in lighttpd, it can't be enabled. This just throws an error in the log, remove it.