summaryrefslogtreecommitdiffstats
path: root/etc/inc/system.inc
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2014-12-05 15:05:47 -0600
committerChris Buechler <cmb@pfsense.org>2014-12-05 15:06:18 -0600
commita4e07bafab3eb8ecc33449d6f51f0fd89ad6c784 (patch)
treef658aa913743932d8c0040fd957fd6a68f9bf56d /etc/inc/system.inc
parent72e79bc7582047cc35a34871c3c1d21ab0bbd18d (diff)
downloadpfsense-a4e07bafab3eb8ecc33449d6f51f0fd89ad6c784.zip
pfsense-a4e07bafab3eb8ecc33449d6f51f0fd89ad6c784.tar.gz
Disable RC4 ciphers in lighttpd
Diffstat (limited to 'etc/inc/system.inc')
-rw-r--r--etc/inc/system.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 38b7b9a..3843508 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1328,9 +1328,9 @@ EOD;
if (isset($config['system']['webgui']['beast_protection'])) {
$lighty_config .= "ssl.honor-cipher-order = \"enable\"\n";
- $lighty_config .= "ssl.cipher-list = \"ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM\"\n";
+ $lighty_config .= "ssl.cipher-list = \"ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM\"\n";
} else {
- $lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";
+ $lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";
}
if(!(empty($ca) || (strlen(trim($ca)) == 0)))
OpenPOWER on IntegriCloud