diff options
| author | habeascodice <habeascodice@federated.social> | 2014-10-29 03:39:07 -0700 |
|---|---|---|
| committer | habeascodice <habeascodice@federated.social> | 2014-10-29 03:39:07 -0700 |
| commit | bc02b933727da7a000d43d2d7d495f066616dc81 (patch) | |
| tree | e590b70757edb94655872f5b992f143cead61eb3 /doc/install | |
| parent | fc12123329133cea39f27615a7c24c57e5b4a35d (diff) | |
| parent | 7d9f785758ee6e4c19838e532f9930e227e95fc6 (diff) | |
| download | volse-hubzilla-bc02b933727da7a000d43d2d7d495f066616dc81.tar.gz volse-hubzilla-bc02b933727da7a000d43d2d7d495f066616dc81.tar.bz2 volse-hubzilla-bc02b933727da7a000d43d2d7d495f066616dc81.zip | |
Merge remote branch 'upstream/master'
Diffstat (limited to 'doc/install')
| -rw-r--r-- | doc/install/sample-lighttpd.conf | 5 | ||||
| -rw-r--r-- | doc/install/sample-nginx.conf | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/doc/install/sample-lighttpd.conf b/doc/install/sample-lighttpd.conf index 721fa25ea..db26c3b64 100644 --- a/doc/install/sample-lighttpd.conf +++ b/doc/install/sample-lighttpd.conf @@ -67,6 +67,11 @@ $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.ca-file = "/etc/lighttpd/certs/ca-certs.crt" #adjust to your needs ssl.pemfile = "/etc/lighttpd/certs/red-ssl.crt" #adjust to your needs + + ssl.use-compression = "disable" + ssl.use-sslv2 = "disable" + ssl.use-sslv3 = "disable" + ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" } ### RISTRICT ACCESS TO DIRECTORYS AND FILES diff --git a/doc/install/sample-nginx.conf b/doc/install/sample-nginx.conf index dd3b63d3b..f533d8ee0 100644 --- a/doc/install/sample-nginx.conf +++ b/doc/install/sample-nginx.conf @@ -56,7 +56,7 @@ server { ssl_certificate_key /etc/nginx/ssl/example.net.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; ssl_prefer_server_ciphers on; fastcgi_param HTTPS on; |