Commit c849de0b authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

webgui, harden ssl. https://weakdh.org/

(cherry picked from commit c5f11e99)
parent 282d9ad6
......@@ -324,6 +324,8 @@ EOD;
$ssl_config = "\n";
$ssl_config .= "## ssl configuration\n";
$ssl_config .= "ssl.engine = \"enable\"\n";
$ssl_config .= "ssl.dh-file = \"/usr/local/etc/dh-parameters.4096\"\n";
$ssl_config .= "ssl.ec-curve = \"secp384r1\"\n";
$ssl_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
// Harden SSL a bit for PCI conformance testing
......@@ -333,7 +335,6 @@ EOD;
} else {
$ssl_config .= 'ssl.cipher-list = "'.$config['system']['webgui']['ssl-ciphers'].'"' . PHP_EOL;
}
if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
$ssl_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
}
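Review bot: The `ssl.dh-file` directive in the first hunk is written unconditionally with the hard-coded path `/usr/local/etc/dh-parameters.4096`, and nothing visible here checks that the file exists and is readable before the config is generated. If the file is missing, for instance on an upgraded install, the web server will presumably either refuse to start and lock administrators out of the GUI, or run without the intended DH group. I would guard the line and log the absence: `$dh = '/usr/local/etc/dh-parameters.4096'; if (is_readable($dh)) { $ssl_config .= "ssl.dh-file = \"{$dh}\"\n"; }`. A short comment recording why a 4096-bit group and `secp384r1` were chosen, referring to the weakdh.org advisory named in the commit title, would also help later maintainers. The +/- markers are lost on this page, so the new lines are inferred from the hunk header counts, and the enclosing function starts and ends outside the hunk.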