diff options
author | marijus <mario@mariovavti.com> | 2014-10-16 22:52:28 +0200 |
---|---|---|
committer | marijus <mario@mariovavti.com> | 2014-10-16 22:52:28 +0200 |
commit | 1ee2b631db1afdec9672c72f6a27f99cfc853fd6 (patch) | |
tree | 5dc60ef897cc77ffed1a0267e5b4d558337b4ac3 /doc | |
parent | d4abc91d1ffad2784837e1446beef1223f98f19a (diff) | |
download | volse-hubzilla-1ee2b631db1afdec9672c72f6a27f99cfc853fd6.tar.gz volse-hubzilla-1ee2b631db1afdec9672c72f6a27f99cfc853fd6.tar.bz2 volse-hubzilla-1ee2b631db1afdec9672c72f6a27f99cfc853fd6.zip |
lighttpd sample conf security enhancement
Diffstat (limited to 'doc')
-rw-r--r-- | doc/install/sample-lighttpd.conf | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/install/sample-lighttpd.conf b/doc/install/sample-lighttpd.conf index 721fa25ea..db26c3b64 100644 --- a/doc/install/sample-lighttpd.conf +++ b/doc/install/sample-lighttpd.conf @@ -67,6 +67,11 @@ $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.ca-file = "/etc/lighttpd/certs/ca-certs.crt" #adjust to your needs ssl.pemfile = "/etc/lighttpd/certs/red-ssl.crt" #adjust to your needs + + ssl.use-compression = "disable" + ssl.use-sslv2 = "disable" + ssl.use-sslv3 = "disable" + ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA" } ### RISTRICT ACCESS TO DIRECTORYS AND FILES |