[packages/lighttpd.git] / lighttpd-ssl.conf

# lighttpd support for SSLv2 and SSLv3
#
# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:SSL

# mitigate against BEAST attacks
# http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
#ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"

$SERVER["socket"] == ":443" {
	ssl.engine = "enable"
	ssl.pemfile = "/etc/lighttpd/server.pem"
#	ssl.ca-file = "/etc/certs/ca-certificates.crt"

	$HTTP["useragent"] =~ "MSIE" {
		server.max-keep-alive-requests = 0
	}
}
Commit	Line	Data
e026bd5c ER	1	# lighttpd support for SSLv2 and SSLv3
e026bd5c ER	2	#
34b8d937	3	# Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:SSL
e026bd5c	4
bd6c17df ER	5	# mitigate against BEAST attacks
	6	# http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
	7	#ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
	8
e026bd5c ER	9	$SERVER["socket"] == ":443" {
	10	ssl.engine = "enable"
	11	ssl.pemfile = "/etc/lighttpd/server.pem"
34b8d937 ER	12	# ssl.ca-file = "/etc/certs/ca-certificates.crt"
34b8d937 ER	13
e026bd5c	14	$HTTP["useragent"] =~ "MSIE" {
cf9b1bc9	15	server.max-keep-alive-requests = 0
e026bd5c ER	16	}
e026bd5c ER	17	}