Expand cipher list and remove a cipher that Safari on iOS does not like after recent lighttpd changes. Fixes #2553

author: jim-p <jimp@pfsense.org> 2012-07-18 18:14:22 -0400
committer: jim-p <jimp@pfsense.org> 2012-07-18 18:15:15 -0400
commit: d4f8cb1ad30c15e34a47f2d5c27d0d6ca09b5e2f (patch)
tree: 6512d20f215d8fed0e92a501e53fc15117d2d23c /etc
parent: 16187ecf306a242ae345f39414cf405141aae706 (diff)
download: pfsense-d4f8cb1ad30c15e34a47f2d5c27d0d6ca09b5e2f.zip
pfsense-d4f8cb1ad30c15e34a47f2d5c27d0d6ca09b5e2f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index fd00408..7148c1c 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1046,7 +1046,7 @@ EOD;
 
 		// Harden SSL a bit for PCI conformance testing
 		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
-		$lighty_config .= "ssl.cipher-list = \"TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH\"\n";
+		$lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";
 
 		if(!(empty($ca) || (strlen(trim($ca)) == 0)))
 			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
author	jim-p <jimp@pfsense.org>	2012-07-18 18:14:22 -0400
committer	jim-p <jimp@pfsense.org>	2012-07-18 18:15:15 -0400
commit	d4f8cb1ad30c15e34a47f2d5c27d0d6ca09b5e2f (patch)
tree	6512d20f215d8fed0e92a501e53fc15117d2d23c /etc
parent	16187ecf306a242ae345f39414cf405141aae706 (diff)
download	pfsense-d4f8cb1ad30c15e34a47f2d5c27d0d6ca09b5e2f.zip pfsense-d4f8cb1ad30c15e34a47f2d5c27d0d6ca09b5e2f.tar.gz