diff options
author | Stefan Bühler <stbuehler@web.de> | 2014-01-20 12:07:36 +0000 |
---|---|---|
committer | Stefan Bühler <stbuehler@web.de> | 2014-01-20 12:07:36 +0000 |
commit | 3ca6adc2332be2ca18b66698a759fae5831f164f (patch) | |
tree | fa43a96fc06021d1109fd871bccd456e827532aa | |
parent | d7c90814c3c1cecefbf7e1866fe3a4950ff8e07b (diff) | |
download | lighttpd-git-3ca6adc2332be2ca18b66698a759fae5831f164f.tar.gz |
[docs] add !kPSK to the cipher string recommendation as the comments before already mentionlighttpd-1.4.34
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2933 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | doc/config/lighttpd.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/config/lighttpd.conf b/doc/config/lighttpd.conf index 30129cda..60b0ae1e 100644 --- a/doc/config/lighttpd.conf +++ b/doc/config/lighttpd.conf @@ -411,11 +411,11 @@ server.upload-dirs = ( "/var/tmp" ) ## # so you might want to support 3DES for now - just remove the '!3DES' parts below). ## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA' ## # if you don't want that. -## # - SRP and PSK are not supported anyway, excluding those just keeps the list smaller (easier to review) +## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review) ## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes) ## # ## # If you know you have RSA keys (standard), you can use: -## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP" +## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK" ## # The more generic version (without the restriction to RSA keys) is ## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK" ## # |