[pkg-lighttpd] r560 - in lighttpd/trunk/debian: . conf-available

Arno Töll debian at toell.net
Sun Dec 18 21:20:09 UTC 2011



On 18.12.2011 21:34, Olaf van der Spek wrote:
> On Sun, Dec 18, 2011 at 8:28 PM, Arno Töll
> <atoell-guest at alioth.debian.org> wrote:
>> +       ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
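Review bot: the directive on this added line is spelled ssl.ciphers, while the reply further down this message says the option should be ssl.cipher-list, so the name needs correcting before the snippet ships in conf-available. The string also puts RC4 in the list and excludes EDH and AESGCM with no comment explaining why; a short comment above the line stating the rationale, and that it is meant to be used together with ssl.honor-cipher-order, would tell administrators when the hard-coded list can be revisited.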
> 
> Why isn't the upstream ssl.ciphers default updated?
> It's not right to hard-code a list of ciphers.

That's the "official" advice to deal with the problem, for good or not.
Together with the new ssl.honor-cipher-order option by the way. The
default can't be updated, as there is no default in the code since
OpenSSL does not need it to operate properly and lighttpd hence does not
set it.


I fixed ssl.ciphers already, as it really should be ssl.cipher-list as
you read this.

-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D


