User Tools

Site Tools


Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
en:public:letencrypt_turris_lighttpd [2018/02/23 06:39]
tristone
en:public:letencrypt_turris_lighttpd [2020/04/29 22:59]
honzaberanku disable tls 1.0 a 1.1
Line 103: Line 103:
         ssl.pemfile = "/​etc/​lighttpd/​hostkey.pem"​         ssl.pemfile = "/​etc/​lighttpd/​hostkey.pem"​
         ssl.ca-file = "/​etc/​lighttpd/​fullchain.crt"​         ssl.ca-file = "/​etc/​lighttpd/​fullchain.crt"​
 +        # due to TLS v1.0 and v1.1 deprication browsers do not accept https on Turris anymore
 +        # this helped: (source: https://​redmine.lighttpd.net/​boards/​2/​topics/​8536)
 +         ​ssl.openssl.ssl-conf-cmd = ("​Ciphersuites"​ => "​TLS_AES_128_GCM_SHA256"​)+("​Protocol"​ => "-ALL, TLSv1.3"​)+("​Curves"​ => "​secp384r1"​)
 +         ​ssl.use-sslv2 = "​disable" ​
 +         ​ssl.use-sslv3 = "​disable" ​
 } }
  
Line 109: Line 114:
         ssl.pemfile = "/​etc/​lighttpd/​hostkey.pem"​         ssl.pemfile = "/​etc/​lighttpd/​hostkey.pem"​
         ssl.ca-file = "/​etc/​lighttpd/​fullchain.crt"​         ssl.ca-file = "/​etc/​lighttpd/​fullchain.crt"​
 +        # due to TLS v1.0 and v1.1 deprication browsers do not accept https on Turris anymore
 +        # this helped: (source: https://​redmine.lighttpd.net/​boards/​2/​topics/​8536)
 +         ​ssl.openssl.ssl-conf-cmd = ("​Ciphersuites"​ => "​TLS_AES_128_GCM_SHA256"​)+("​Protocol"​ => "-ALL, TLSv1.3"​)+("​Curves"​ => "​secp384r1"​)
 +         ​ssl.use-sslv2 = "​disable" ​
 +         ​ssl.use-sslv3 = "​disable" ​
 } }
 </​file>​ </​file>​