maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

add option to disable SSL sessiontickets globally for older systems, fixes #784

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2019-12-31 12:27:35 +01:00
parent 37c434d4fc
commit 3eb1718fe0
8 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/Froxlor/Cron/Http/Apache.php
View File

@@ -480,7 +480,9 @@ class Apache extends HttpConfigBase
$this->virtualhosts_data[$vhosts_filename] .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' SSLCompression Off' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' SSLSessionTickets ' . ($domain['ssl_sessiontickets'] == '1' ? 'on' : 'off') . "\n";
if (Settings::Get('system.sessionticketsenabled') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' SSLSessionTickets ' . ($domain['ssl_sessiontickets'] == '1' ? 'on' : 'off') . "\n";
}
}
$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder ' . ($domain['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . "\n";
@@ -989,7 +991,9 @@ class Apache extends HttpConfigBase
$vhost_content .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
}
$vhost_content .= ' SSLCompression Off' . "\n";
$vhost_content .= ' SSLSessionTickets ' . ($domain['ssl_sessiontickets'] == '1' ? 'on' : 'off') . "\n";
if (Settings::Get('system.sessionticketsenabled') == '1') {
$vhost_content .= ' SSLSessionTickets ' . ($domain['ssl_sessiontickets'] == '1' ? 'on' : 'off') . "\n";
}
}
$vhost_content .= ' SSLHonorCipherOrder ' . ($domain['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . "\n";
$vhost_content .= ' SSLCipherSuite ' . $ssl_cipher_list . "\n";

4
lib/Froxlor/Cron/Http/Nginx.php
View File

@@ -703,7 +703,9 @@ class Nginx extends HttpConfigBase
// see https://github.com/Froxlor/Froxlor/issues/652
// $sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
$sslsettings .= "\t" . 'ssl_prefer_server_ciphers ' . (isset($domain_or_ip['ssl_honorcipherorder']) && $domain_or_ip['ssl_honorcipherorder'] == '1' ? 'on' : 'off') . ';' . "\n";
$sslsettings .= "\t" . 'ssl_session_tickets ' . (isset($domain_or_ip['ssl_sessiontickets']) && $domain_or_ip['ssl_sessiontickets'] == '1' ? 'on' : 'off') . ';' . "\n";
if (Settings::Get('system.sessionticketsenabled') == '1') {
$sslsettings .= "\t" . 'ssl_session_tickets ' . (isset($domain_or_ip['ssl_sessiontickets']) && $domain_or_ip['ssl_sessiontickets'] == '1' ? 'on' : 'off') . ';' . "\n";
}
$sslsettings .= "\t" . 'ssl_session_cache shared:SSL:10m;' . "\n";
$sslsettings .= "\t" . 'ssl_certificate ' . \Froxlor\FileDir::makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";

2
lib/Froxlor/Froxlor.php
View File

@@ -10,7 +10,7 @@ final class Froxlor
const VERSION = '0.10.10';
// Database version (YYYYMMDDC where C is a daily counter)
const DBVERSION = '201912100';
const DBVERSION = '201912310';
// Distribution branding-tag (used for Debian etc.)
const BRANDING = '';