add new 'ssl-enabled' flag for domains and subdomains so ssl can be deactivated (by a customer too) even if there are ssl-ip/ports assigned; introduce new honorcipherorder and sessiontickets flags for more control over ssl-related settings on a per domain base (admin only); fixes #767 and fixes #769

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2019-12-10 10:21:35 +01:00
parent 3a738b7070
commit 466c09137b
15 changed files with 240 additions and 31 deletions
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -271,6 +271,9 @@ CREATE TABLE `panel_domains` (
  `ssl_protocols` text,
  `ssl_cipher_list` text,
  `tlsv13_cipher_list` text,
+  `ssl_enabled` tinyint(1) DEFAULT '1',
+  `ssl_honorcipherorder` tinyint(1) DEFAULT '0',
+  `ssl_sessiontickets` tinyint(1) DEFAULT '1',
  PRIMARY KEY  (`id`),
  KEY `customerid` (`customerid`),
  KEY `parentdomain` (`parentdomainid`),
@@ -652,6 +655,8 @@ opcache.interned_strings_buffer'),
 	('system', 'disable_le_selfcheck', '0'),
 	('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
 	('system', 'tlsv13_cipher_list', ''),
+	('system', 'honorcipherorder', '0'),
+	('system', 'sessiontickets', '1'),
 	('system', 'logfiles_format', ''),
 	('system', 'logfiles_type', '1'),
 	('system', 'logfiles_piped', '0'),
@@ -697,7 +702,7 @@ opcache.interned_strings_buffer'),
 	('panel', 'customer_hide_options', ''),
 	('panel', 'is_configured', '0'),
 	('panel', 'version', '0.10.9'),
-	('panel', 'db_version', '201911220');
+	('panel', 'db_version', '201912100');


 DROP TABLE IF EXISTS `panel_tasks`;