[ssl] add option to honor server cipher order, true by default (fixes #2364)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2810 152afb58-edef-0310-8abb-c4023f1b3aa9
author: Stefan Bühler <stbuehler@web.de> 2011-11-30 19:59:24 +0000
committer: Stefan Bühler <stbuehler@web.de> 2011-11-30 19:59:24 +0000
commit: 0f96222e7e3ca51767cf13144ec5d777b8869677 (patch)
tree: 4fd6d9162d8c0b08eb5632d03f7c51875783350d /doc/config/lighttpd.conf
parent: 8c482a496d31ddd08029a9b82c51d5831ae4d659 (diff)
download: lighttpd-git-0f96222e7e3ca51767cf13144ec5d777b8869677.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/config/lighttpd.conf b/doc/config/lighttpd.conf
index efe96be4..e5c6722b 100644
--- a/doc/config/lighttpd.conf
+++ b/doc/config/lighttpd.conf
@@ -394,6 +394,8 @@ server.upload-dirs = ( "/var/tmp" )
 ##   $SERVER["socket"] == "10.0.0.1:443" {
 ##     ssl.engine                  = "enable"
 ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
+##     # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
+##     ssl.ciphers                 = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 ##     server.name                 = "www.example.com"
 ##
 ##     server.document-root        = "/srv/www/vhosts/example.com/www/"
author	Stefan Bühler <stbuehler@web.de>	2011-11-30 19:59:24 +0000
committer	Stefan Bühler <stbuehler@web.de>	2011-11-30 19:59:24 +0000
commit	0f96222e7e3ca51767cf13144ec5d777b8869677 (patch)
tree	4fd6d9162d8c0b08eb5632d03f7c51875783350d /doc/config/lighttpd.conf
parent	8c482a496d31ddd08029a9b82c51d5831ae4d659 (diff)
download	lighttpd-git-0f96222e7e3ca51767cf13144ec5d777b8869677.tar.gz