[Solved] Help disabling sslv3

Added by austin.watling over 9 years ago

Hello,

Let me start by saying that I am an amateur when it comes to lighttpd and am learning as much as I can as quickly as I can, but I have come to the point where I need to disable sslv3 on the webserver I inherited and I am unsure exactly how to proceed. I have tried to follow the simple instructions I have found all over the web, but they state to add the two disable lines under the ssl.engine="enable" line. The lighttpd.conf file for this webserver does not have an ssl.engine line, although I discovered that the 10-ssl.conf file (obviously) does. So my question(s) are, can I edit the 10-ssl file, restart the server and that will disable sslv3? Or do I have to enable ssl in the lighttpd.conf file so I can then disable it? Once again, I apologize for being a novice but any help is greatly appreciated!


Replies (2)

RE: Help disabling sslv3 - Added by nitrox over 9 years ago

Use ssl.use-sslv3 = "disable" in the server socket part, or reorder the cipher list:

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ...
    ...
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    ssl.use-compression = "disable"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "AES256+EECDH:AES256+EDH:!aNULL:!eNULL"
}

Something like that should do the trick. If you have nmap at hand, try this: nmap --script ssl-enum-ciphers -p 443 <yourserver>
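
An offline check to go with the reply above, added here as an example and not part of the original post or of lighttpd: it scans every config file for `$SERVER["socket"]` blocks that enable `ssl.engine` and reports the ones where `ssl.use-sslv2` or `ssl.use-sslv3` is not explicitly set to "disable". The file contents and paths are constructed, and treating a missing directive as a finding is this example's assumption, since it does not model version defaults.

```python
import re

# Constructed sample mirroring the thread: lighttpd.conf has no ssl.engine
# line; the included 10-ssl.conf holds the socket block. Paths are made up.
SAMPLE = {
    "lighttpd.conf": 'server.port = 80\ninclude "conf-enabled/10-ssl.conf"\n',
    "10-ssl.conf": '''
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"
    ssl.use-sslv2 = "disable"
    # ssl.use-sslv3 = "disable"   (commented out, so not in effect)
}
''',
}

SOCKET_RE = re.compile(r'\$SERVER\["socket"\]\s*==\s*"([^"]*)"\s*\{')
OPTION_RE = re.compile(r'^\s*(ssl\.[\w.-]+)\s*=\s*"([^"]*)"', re.M)
COMMENT_RE = re.compile(r'^((?:[^"#\n]|"[^"\n]*")*)#.*$', re.M)
REQUIRED_OFF = ("ssl.use-sslv2", "ssl.use-sslv3")


def socket_blocks(text):
    """Yield (socket, body) per $SERVER["socket"] block, matching braces."""
    for m in SOCKET_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]


def audit(files):
    """Return (file, socket, directive, value) for each TLS-enabled socket
    block where a legacy-protocol switch is absent or not "disable"."""
    findings = []
    for name, text in files.items():
        text = COMMENT_RE.sub(r"\1", text)  # ignore commented-out directives
        for sock, body in socket_blocks(text):
            opts = dict(OPTION_RE.findall(body))
            if opts.get("ssl.engine") != "enable":
                continue
            for key in REQUIRED_OFF:
                if opts.get(key) != "disable":
                    findings.append((name, sock, key, opts.get(key)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample it flags the block in 10-ssl.conf, which is the file that needs the edit; the nmap scan from the reply then confirms the result against the running server.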

RE: Help disabling sslv3 - Added by austin.watling over 9 years ago

Thank you for your help! I was able to disable sslv3 and learn a few things along the way. Thank you again.
