Browse Source

[docs] add !kPSK to the cipher string recommendation as the comments before already mention

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2933 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.34 lighttpd-1.4.34
Stefan Bühler 8 years ago
parent
commit
3ca6adc233
  1. 4
      doc/config/lighttpd.conf

4
doc/config/lighttpd.conf

@ -411,11 +411,11 @@ server.upload-dirs = ( "/var/tmp" )
## # so you might want to support 3DES for now - just remove the '!3DES' parts below).
## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA'
## # if you don't want that.
## # - SRP and PSK are not supported anyway, excluding those just keeps the list smaller (easier to review)
## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review)
## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
## #
## # If you know you have RSA keys (standard), you can use:
## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP"
## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
## # The more generic version (without the restriction to RSA keys) is
## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
## #

Loading…
Cancel
Save