]>
Commit | Line | Data |
---|---|---|
e026bd5c ER |
1 | # lighttpd support for SSLv2 and SSLv3 |
2 | # | |
34b8d937 | 3 | # Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:SSL |
e026bd5c | 4 | |
bd6c17df ER |
5 | # mitigate against BEAST attacks |
6 | # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html | |
7 | #ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" | |
8 | ||
e026bd5c ER |
9 | $SERVER["socket"] == ":443" { |
10 | ssl.engine = "enable" | |
11 | ssl.pemfile = "/etc/lighttpd/server.pem" | |
34b8d937 ER |
12 | # ssl.ca-file = "/etc/certs/ca-certificates.crt" |
13 | ||
e026bd5c | 14 | $HTTP["useragent"] =~ "MSIE" { |
cf9b1bc9 | 15 | server.max-keep-alive-requests = 0 |
e026bd5c ER |
16 | } |
17 | } |