Bug #2777: Disabling TLS1.0 using lighttpd.conf - Lighttpd - lighty labs

Actions

Copy link

Bug #2777

closed

Disabling TLS1.0 using lighttpd.conf

Added by AshHema over 8 years ago. Updated over 8 years ago.

Status:

Invalid

Priority:

Normal

Category:

TLS

Target version:

ASK QUESTIONS IN Forums:

Description

Hi ,
My system is

OpenSSL 1.0.1p
 lighttpd :lighttpd-1.4.23

Am trying to disable TLS1.0 through lighttpd.conf and have followed the same steps as mentioned in the link
https://redmine.lighttpd.net/boards/2/topics/6749?r=6755#message-6755

I also tried steps mentioned in the link for lighttpd
https://cipherli.st/

After I do the changes as mentioned in the link,I see that TLSv1.0 is still accepted

Apart from sslscan,is there any way I ensure that TLSv1.0 is disabled?
Am very new to this and have just started working with lighttpd.

Please suggest inputs regarding the same.
Thanks in advance.

Below is my lighttpd.conf

(..)
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.use-compression = "disable"
ssl.disable-client-renegotiation = "enable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:\
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:\
DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:\
ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:\
ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:\
DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:\
!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"

setenv.add-response-header = (
            "Strict-Transport-Security" => "max-age=63072000; includeSubDomains; preload",
                "X-Frame-Options" => "DENY",
                    "X-Content-Type-Options" => "nosniff" 
                    )
(..)

Related issues 1 (0 open — 1 closed)