Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

copr: remove deprecated lighttpd settings

Browse source 
SSL: ssl.use-sslv2 is deprecated and will soon be removed.  It is
    disabled by default.  Many modern TLS libraries no longer support
    SSLv2.

    SSL: ssl.use-sslv3 is deprecated and will soon be removed.  It is
    disabled by default.  Many modern TLS libraries no longer support
    SSLv3
This commit is contained in:
Jakub Kadlcik 2021-11-22 00:15:22 +01:00
parent ff13249e2c
commit 65c1277420
1 changed files with 0 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/copr/backend/templates/lighttpd/lighttpd.conf
View file

@ -484,8 +484,6 @@ $SERVER["socket"] == "{{ https_bind }}" {
ssl.pemfile = "/etc/lighttpd/copr-be.cloud.fedoraproject.org.pem"
ssl.ca-file = "/etc/lighttpd/copr-be.cloud.fedoraproject.org.intermediate.cert"
ssl.disable-client-renegotiation = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
}
{% else %}
@ -504,8 +502,6 @@ $SERVER["socket"] == "{{ https_bind }}" {
# The following is OPTIONAL
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
ssl.use-compression = "disable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
{% endif %}
{% endfor %}