From 65c1277420bcbbdf74ac4e3ac734223dca9608f4 Mon Sep 17 00:00:00 2001 From: Jakub Kadlcik Date: Mon, 22 Nov 2021 00:15:22 +0100 Subject: [PATCH] copr: remove deprecated lighttpd settings SSL: ssl.use-sslv2 is deprecated and will soon be removed. It is disabled by default. Many modern TLS libraries no longer support SSLv2. SSL: ssl.use-sslv3 is deprecated and will soon be removed. It is disabled by default. Many modern TLS libraries no longer support SSLv3 --- roles/copr/backend/templates/lighttpd/lighttpd.conf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/copr/backend/templates/lighttpd/lighttpd.conf b/roles/copr/backend/templates/lighttpd/lighttpd.conf index 06f20c2b1f..89f39ab127 100644 --- a/roles/copr/backend/templates/lighttpd/lighttpd.conf +++ b/roles/copr/backend/templates/lighttpd/lighttpd.conf @@ -484,8 +484,6 @@ $SERVER["socket"] == "{{ https_bind }}" { ssl.pemfile = "/etc/lighttpd/copr-be.cloud.fedoraproject.org.pem" ssl.ca-file = "/etc/lighttpd/copr-be.cloud.fedoraproject.org.intermediate.cert" ssl.disable-client-renegotiation = "enable" - ssl.use-sslv2 = "disable" - ssl.use-sslv3 = "disable" ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" } {% else %} @@ -504,8 +502,6 @@ $SERVER["socket"] == "{{ https_bind }}" { # The following is OPTIONAL ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" ssl.use-compression = "disable" - ssl.use-sslv2 = "disable" - ssl.use-sslv3 = "disable" } {% endif %} {% endfor %}