Deprecated TLS options have been removed.

[packages/lighttpd.git] / ssl.conf

diff --git a/ssl.conf b/ssl.conf
index 15bfb6aeec0daebc1109be5909cda6ee9a7b6ab5..692860c63d22635f21168c477cc9bdf4b6766e56 100644 (file)
--- a/ssl.conf
+++ b/ssl.conf
@@ -9,7 +9,6 @@
 $SERVER["socket"] == ":443" {
        protocol = "https://"
        ssl.engine = "enable"
-       ssl.disable-client-renegotiation = "enable"
 
        # ssl.pemfile: path to the PEM file for SSL support
        # (Should contain both the private key and the certificate)
@@ -19,12 +18,6 @@ $SERVER["socket"] == ":443" {
        # ssl.ca-file: path to the CA file for support of chained certificates
 #      ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
 
-       # for DH/DHE ciphers, dhparam should be >= 2048-bit
-       # Generate with:
-       # openssl dhparam -out dh2048.pem -outform PEM -2 2048
-#      ssl.dh-file = "/etc/lighttpd/ssl/dhparam.pem"
-       # ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
-#      ssl.ec-curve = "secp384r1"
        # Compression is by default off at compile-time, but use if needed
 #      ssl.use-compression = "disable"
 
@@ -36,12 +29,8 @@ $SERVER["socket"] == ":443" {
        # https://ssl-config.mozilla.org/#server=lighttpd&server-version=1.4.54&config=intermediate
        # intermediate configuration, tweak to your needs
        #
-       ssl.use-sslv2 = "disable"
-       ssl.use-sslv3 = "disable"
-       # intermediate configuration, tweak to your needs
        ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1")
        ssl.cipher-list           = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
-       ssl.honor-cipher-order    = "disable"
 
        # HTTP Strict Transport Security (63072000 seconds
        # setenv.add-response-header  = (