From: Elan Ruusamäe <glen@pld-linux.org>
Date: Mon, 19 Dec 2011 14:40:50 +0000 (+0000)
Subject: - mitigate against BEAST attacks, see https://redmine.lighttpd.net/issues/2364
X-Git-Tag: auto/th/lighttpd-1_4_30-2~3
X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=bd6c17df3946bf9eb85b3387cd94c523f0153200;p=packages%2Flighttpd.git

- mitigate against BEAST attacks, see https://redmine.lighttpd.net/issues/2364

Changed files:
    lighttpd-ssl.conf -> 1.4
---

diff --git a/lighttpd-ssl.conf b/lighttpd-ssl.conf
index 329c32b..aabab21 100644
--- a/lighttpd-ssl.conf
+++ b/lighttpd-ssl.conf
@@ -2,6 +2,10 @@
 #
 # Documentation: http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:SSL
 
+# mitigate against BEAST attacks
+# http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+#ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+
 $SERVER["socket"] == ":443" {
 	ssl.engine = "enable"
 	ssl.pemfile = "/etc/lighttpd/server.pem"