diff options
author | Chris Buechler <cmb@pfsense.org> | 2014-12-05 15:05:47 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-12-05 15:05:47 -0600 |
commit | fa10244f3fe645c5cfdeb1e756f3727ade3dcf3e (patch) | |
tree | 2fe151d48ba12ce492c16ce13d54e549bafdad99 /etc | |
parent | 56c6993c26946ce724dd00c41a4464a26bfebad4 (diff) | |
download | pfsense-fa10244f3fe645c5cfdeb1e756f3727ade3dcf3e.zip pfsense-fa10244f3fe645c5cfdeb1e756f3727ade3dcf3e.tar.gz |
Disable RC4 ciphers in lighttpd
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/system.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 38b7b9a..3843508 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1328,9 +1328,9 @@ EOD; if (isset($config['system']['webgui']['beast_protection'])) { $lighty_config .= "ssl.honor-cipher-order = \"enable\"\n"; - $lighty_config .= "ssl.cipher-list = \"ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM\"\n"; + $lighty_config .= "ssl.cipher-list = \"ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!EDH:!AESGCM\"\n"; } else { - $lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n"; + $lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:!aNULL:!eNULL:!3DES:@STRENGTH\"\n"; } if(!(empty($ca) || (strlen(trim($ca)) == 0))) |