|
|
|
@ -394,8 +394,25 @@ server.upload-dirs = ( "/var/tmp" )
|
|
|
|
|
## $SERVER["socket"] == "10.0.0.1:443" { |
|
|
|
|
## ssl.engine = "enable" |
|
|
|
|
## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" |
|
|
|
|
## # |
|
|
|
|
## # Mitigate BEAST attack: |
|
|
|
|
## # |
|
|
|
|
## # A stricter base cipher suite. For details see: |
|
|
|
|
## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html |
|
|
|
|
## ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" |
|
|
|
|
## # |
|
|
|
|
## ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" |
|
|
|
|
## # |
|
|
|
|
## # Make the server prefer the order of the server side cipher suite instead of the client suite. |
|
|
|
|
## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms). |
|
|
|
|
## # This option is enabled by default, but only used if ssl.ciphers is set. |
|
|
|
|
## # |
|
|
|
|
## # ssl.honor-cipher-order = "enable" |
|
|
|
|
## # |
|
|
|
|
## # Mitigate CVE-2009-3555 by disabling client triggered renegotation |
|
|
|
|
## # This is enabled by default. |
|
|
|
|
## # |
|
|
|
|
## # ssl.disable-client-renegotiation = "enable" |
|
|
|
|
## # |
|
|
|
|
## server.name = "www.example.com" |
|
|
|
|
## |
|
|
|
|
## server.document-root = "/srv/www/vhosts/example.com/www/" |
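Review bot: The sample `ssl.ciphers` string puts `RC4` ahead of `HIGH` and excludes `AESGCM`, which was only ever a BEAST-era trade-off for TLS 1.0 clients; RFC 7465 has since prohibited RC4 in TLS, so anyone who uncomments this block is likely to end up with a weaker cipher policy than a current TLS library's defaults. I would add a caveat directly above the setting, e.g. `## # NOTE: RC4-first ordering is a BEAST workaround for TLS 1.0 clients only; RFC 7465 prohibits RC4, so prefer TLS 1.2+ AEAD suites where clients allow.` The setting also appears twice in the visible text (with and without `RC4-SHA`); the rendering has lost the +/- markers, so if both lines are on the new side, one should be dropped or clearly marked as an alternative, because the block then assigns the same option twice once uncommented. `renegotation` in the CVE-2009-3555 comment should read `renegotiation`, and the enclosing `$SERVER["socket"]` block closes outside the visible lines.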
|
|
|
|