Revision 3cd2ea2c
Added by Jim Pingle almost 13 years ago
| etc/inc/system.inc | ||
|---|---|---|
| 1193 | 1193 |
|
| 1194 | 1194 |
// Harden SSL a bit for PCI conformance testing |
| 1195 | 1195 |
$lighty_config .= "ssl.use-sslv2 = \"disable\"\n"; |
| 1196 |
$lighty_config .= "ssl.cipher-list = \"TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH\"\n";
|
|
| 1196 |
$lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";
|
|
| 1197 | 1197 |
|
| 1198 | 1198 |
if(!(empty($ca) || (strlen(trim($ca)) == 0))) |
| 1199 | 1199 |
$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
|
Also available in: Unified diff
Expand cipher list and remove a cipher that Safari on iOS does not like after recent lighttpd changes. Fixes #2553