Bug #2180
closed
"ssl.use-sslv2 = disabled", but enabled anyway
Description
If one defines SSL blocks for different IPs or ports that are enabled with
"ssl.use-sslv2 = enabled"
all other following SSL blocks are enabled, too. That is even true when using
"ssl.use-sslv2 = disabled"
for those blocks.
I am using about 100 SSL blocks in one lighty conf and trying to enable sslv2 for some of the blocks. It seems like one can only disable or enable for all SSL blocks at the same time.
Cheers,
T
Updated by stbuehler almost 15 years ago
Would be nice if you have a config example with 2 IPs.
Updated by tpath almost 15 years ago
An example w/ three SSL blocks (x, y and z are whatever you like; "disable" for y and z will not work):
    ...
    $SERVER["socket"] == "x:443" { # block 36
        url.redirect = ()
        ssl.engine = "enable"
        ssl.use-sslv2 = "enabled"
        ssl.pemfile = "/opt/pdp/opst/lighttpd/certs/x.pem"
        ssl.ca-file = "/opt/pdp/opst/lighttpd/certs/x.ca"
    } # end of $SERVER["socket"] == "x:443"
    $SERVER["socket"] == "y:443" { # block 37
        url.redirect = ()
        ssl.engine = "enable"
        ssl.use-sslv2 = "disable"
        ssl.pemfile = "/opt/pdp/opst/lighttpd/certs/y.pem"
        ssl.ca-file = "/opt/pdp/opst/lighttpd/certs/y.ca"
    } # end of $SERVER["socket"] == "y:443"
    $SERVER["socket"] == "z:443" { # block 38
        url.redirect = ()
        ssl.engine = "enable"
        ssl.use-sslv2 = "disable"
        ssl.pemfile = "/opt/pdp/opst/lighttpd/certs/z.pem"
        ssl.ca-file = "/opt/pdp/opst/lighttpd/certs/z.ca"
    } # end of $SERVER["socket"] == "z:443"
    ...
Cheers,
T
Updated by stbuehler almost 15 years ago
- Status changed from New to Need Feedback
- Priority changed from High to Normal
I can't reproduce it:
    $SERVER["socket"] == "127.0.0.2:8443" {
        ssl.engine = "enable"
        ssl.pemfile = cwd + "/server.pem"
        ssl.use-sslv2 = "enable"
    }
    $SERVER["socket"] == "127.0.0.3:8443" {
        ssl.engine = "enable"
        ssl.pemfile = cwd + "/server.pem"
        ssl.use-sslv2 = "disable"
    }
    $SERVER["socket"] == "127.0.0.1:8443" {
        ssl.engine = "enable"
        ssl.pemfile = cwd + "/server.pem"
        ssl.use-sslv2 = "disable"
    }
I tested with curl -2 and openssl s_client -ssl2 - both only worked with 127.0.0.2, not with .1 or .3
We need more details: what version are you using, how are you testing, ...
Updated by stbuehler almost 15 years ago
- Status changed from Need Feedback to Missing Feedback
Updated by gstrauss about 1 year ago
- Status changed from Missing Feedback to Obsolete
- ASK QUESTIONS IN Forums set to No
Modern TLS libraries have dropped support for SSLv2 and SSLv3.
SSLv2 and SSLv3 are also disabled by default in modern lighttpd, even if the underlying TLS libraries support them.
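A static audit for a config with many socket blocks like the one in this report, as an added example that is not part of the original thread or of lighttpd's code: it lists the literal ssl.use-sslv2 value found in each $SERVER["socket"] block. The sample config and addresses are constructed, the function names are hypothetical, and treating any value that starts with "enable" as on is an assumption; includes, variables and inherited global settings are not evaluated.

```python
import re
# Constructed sample (placeholder addresses), shaped like the thread's config.
SAMPLE_CONF = '''
$SERVER["socket"] == "192.0.2.1:443" {   # block A
    ssl.engine    = "enable"
    ssl.use-sslv2 = "enabled"
}
$SERVER["socket"] == "192.0.2.2:443" {   # block B
    ssl.use-sslv2 = "disable"
}
$SERVER["socket"] == "192.0.2.3:443" {   # block C: no explicit setting
    # ssl.use-sslv2 = "enable"
}
'''

SOCKET_RE = re.compile(r'\$SERVER\["socket"\]\s*==\s*"([^"]+)"\s*\{')
SSLV2_RE = re.compile(r'ssl\.use-sslv2\s*=\s*"([^"]*)"')
# Matches a quoted string (kept) or a '#' comment (dropped), so '#' in strings survives.
COMMENT_RE = re.compile(r'("[^"\n]*")|#[^\n]*')

def strip_comments(text):
    return COMMENT_RE.sub(lambda m: m.group(1) or "", text)

def block_end(text, start):
    # Return the index just past the '}' closing the block opened before `start`,
    # counting nested braces and skipping braces inside double-quoted strings.
    depth, in_str, i = 1, False, start
    while i < len(text) and depth:
        ch = text[i]
        if ch == '"':
            in_str = not in_str
        elif not in_str:
            depth += (ch == "{") - (ch == "}")
        i += 1
    return i

def audit_sslv2(conf):
    # Map each socket address to the last ssl.use-sslv2 value in its block (None if unset).
    text = strip_comments(conf)
    report = {}
    for m in SOCKET_RE.finditer(text):
        values = SSLV2_RE.findall(text[m.end():block_end(text, m.end())])
        report[m.group(1)] = values[-1] if values else None
    return report

def sslv2_enabled(report):
    # Assumption: both spellings seen in the thread ("enable", "enabled") count as on.
    return sorted(s for s, v in report.items() if v and v.startswith("enable"))

if __name__ == "__main__":
    print(sslv2_enabled(audit_sslv2(SAMPLE_CONF)))
```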