summaryrefslogtreecommitdiffstats
path: root/lighttpd.conf
diff options
context:
space:
mode:
authormischa <mischa@rx.high5.nl>2019-03-23 10:36:42 +0100
committermischa <mischa@rx.high5.nl>2019-03-23 10:36:42 +0100
commite3375aa9b4f37cca71abd32aadf577c7b40c712f (patch)
tree062657934d1d6c88db017975f64ee240564d5f7b /lighttpd.conf
parentd6ecac0f66c0fb573650c682e12b41800a76de36 (diff)
better cipher suite
Diffstat (limited to 'lighttpd.conf')
-rw-r--r--lighttpd.conf2
1 files changed, 1 insertions, 1 deletions
diff --git a/lighttpd.conf b/lighttpd.conf
index a7852dc..d0dc95c 100644
--- a/lighttpd.conf
+++ b/lighttpd.conf
@@ -25,7 +25,7 @@ $SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/usr/local/etc/acme/certs/example.com/combined.pem"
ssl.ca-file = "/usr/local/etc/acme/certs/example.com/chain.pem"
- ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES128+EECDH:AES128+EDH"
+ ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384"
ssl.dh-file = "/usr/local/etc/ssl/certs/dhparam.pem"
ssl.ec-curve = "secp384r1"
setenv.add-response-header = (