diff options
| author | Marcus Rückert <darix@opensu.se> | 2013-08-15 10:33:00 +0000 |
|---|---|---|
| committer | Marcus Rückert <darix@opensu.se> | 2013-08-15 10:33:00 +0000 |
| commit | 292b8d621b7b561b567b8a1cde4a52974fa2bd36 (patch) | |
| tree | d8f05b617f8bde745952eef59dadfec135de6802 /doc | |
| parent | f8e9462d2f7556edcc1d0cf09ac7321fa339d057 (diff) | |
| download | lighttpd-git-292b8d621b7b561b567b8a1cde4a52974fa2bd36.tar.gz | |
move ssl.disable-client-renegotiation and added note that it currently doesnt work inside conditionals
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2889 152afb58-edef-0310-8abb-c4023f1b3aa9
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/config/lighttpd.conf | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/doc/config/lighttpd.conf b/doc/config/lighttpd.conf index 47d67292..5f901f16 100644 --- a/doc/config/lighttpd.conf +++ b/doc/config/lighttpd.conf @@ -391,6 +391,14 @@ server.upload-dirs = ( "/var/tmp" ) ## hosting with SSL. If you want to run multiple SSL servers with ## one lighttpd instance you must use IP-based virtual hosting: :: ## +## Mitigate CVE-2009-3555 by disabling client triggered renegotation +## This is enabled by default. +## +## IMPORTANT: this setting can only be used in the global scope. +## It does *not* work inside conditionals +## +# ssl.disable-client-renegotiation = "enable" +## ## $SERVER["socket"] == "10.0.0.1:443" { ## ssl.engine = "enable" ## ssl.pemfile = "/etc/ssl/private/www.example.com.pem" @@ -408,11 +416,6 @@ server.upload-dirs = ( "/var/tmp" ) ## # ## # ssl.honor-cipher-order = "enable" ## # -## # Mitigate CVE-2009-3555 by disabling client triggered renegotation -## # This is enabled by default. -## # -## # ssl.disable-client-renegotiation = "enable" -## # ## server.name = "www.example.com" ## ## server.document-root = "/srv/www/vhosts/example.com/www/" |