maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

dont generate dhparam file as fallback but use defined FFDHE4096 group; fixes #1270

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2024-08-29 08:17:54 +02:00
parent a1b6125c14
commit 197eb7954a
5 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Froxlor/Api/Commands/SysLog.php
View File

@@ -225,7 +225,7 @@ class SysLog extends ApiCommand implements ResourceEntity
} }
$params['trunc'] = $truncatedate; $params['trunc'] = $truncatedate;
Database::pexecute($result_stmt, $params, true, true); Database::pexecute($result_stmt, $params, true, true);
$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] truncated the froxlor syslog"); $this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] truncated the froxlor syslog");
return $this->response(true); return $this->response(true);
} }
throw new Exception("Not allowed to execute given command.", 403); throw new Exception("Not allowed to execute given command.", 403);

4
lib/Froxlor/Cron/Http/Apache.php
View File

@@ -441,7 +441,7 @@ class Apache extends HttpConfigBase
if (!empty(Settings::Get('system.dhparams_file'))) { if (!empty(Settings::Get('system.dhparams_file'))) {
$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file')); $dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) { if (!file_exists($dhparams)) {
FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096'); file_put_contents($dhparams, self::FFDHE4096);
} }
$this->virtualhosts_data[$vhosts_filename] .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n"; $this->virtualhosts_data[$vhosts_filename] .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
} }
@@ -754,7 +754,7 @@ class Apache extends HttpConfigBase
if (!empty(Settings::Get('system.dhparams_file'))) { if (!empty(Settings::Get('system.dhparams_file'))) {
$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file')); $dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) { if (!file_exists($dhparams)) {
FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096'); file_put_contents($dhparams, self::FFDHE4096);
} }
$vhost_content .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n"; $vhost_content .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
} }

20
lib/Froxlor/Cron/Http/HttpConfigBase.php
View File

@@ -45,6 +45,26 @@ use PDO;
class HttpConfigBase class HttpConfigBase
{ {
/**
* Pre-defined DHE groups to use as fallback if dhparams_file
* is given, but non-existent, see also https://github.com/froxlor/Froxlor/issues/1270
*/
const FFDHE4096 = <<<EOC
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
-----END DH PARAMETERS-----
EOC;
public function init() public function init()
{ {
// if Let's Encrypt is activated, run it before regeneration of webserver configfiles // if Let's Encrypt is activated, run it before regeneration of webserver configfiles

4
lib/Froxlor/Cron/Http/Lighttpd.php
View File

@@ -273,7 +273,7 @@ class Lighttpd extends HttpConfigBase
if (!empty(Settings::Get('system.dhparams_file'))) { if (!empty(Settings::Get('system.dhparams_file'))) {
$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file')); $dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) { if (!file_exists($dhparams)) {
FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096'); file_put_contents($dhparams, self::FFDHE4096);
} }
$this->lighttpd_data[$vhost_filename] .= 'ssl.dh-file = "' . $dhparams . '"' . "\n"; $this->lighttpd_data[$vhost_filename] .= 'ssl.dh-file = "' . $dhparams . '"' . "\n";
$this->lighttpd_data[$vhost_filename] .= 'ssl.ec-curve = "secp384r1"' . "\n"; $this->lighttpd_data[$vhost_filename] .= 'ssl.ec-curve = "secp384r1"' . "\n";
@@ -756,7 +756,7 @@ class Lighttpd extends HttpConfigBase
if (!empty(Settings::Get('system.dhparams_file'))) { if (!empty(Settings::Get('system.dhparams_file'))) {
$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file')); $dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) { if (!file_exists($dhparams)) {
FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096'); file_put_contents($dhparams, self::FFDHE4096);
} }
$ssl_settings .= 'ssl.dh-file = "' . $dhparams . '"' . "\n"; $ssl_settings .= 'ssl.dh-file = "' . $dhparams . '"' . "\n";
$ssl_settings .= 'ssl.ec-curve = "secp384r1"' . "\n"; $ssl_settings .= 'ssl.ec-curve = "secp384r1"' . "\n";

2
lib/Froxlor/Cron/Http/Nginx.php
View File

@@ -399,7 +399,7 @@ class Nginx extends HttpConfigBase
if (!empty(Settings::Get('system.dhparams_file'))) { if (!empty(Settings::Get('system.dhparams_file'))) {
$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file')); $dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) { if (!file_exists($dhparams)) {
FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096'); file_put_contents($dhparams, self::FFDHE4096);
} }
$sslsettings .= "\t" . 'ssl_dhparam ' . $dhparams . ';' . "\n"; $sslsettings .= "\t" . 'ssl_dhparam ' . $dhparams . ';' . "\n";
} }