maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

add new 'ssl-enabled' flag for domains and subdomains so ssl can be deactivated (by a customer too) even if there are ssl-ip/ports assigned; introduce new honorcipherorder and sessiontickets flags for more control over ssl-related settings on a per domain base (admin only); fixes #767 and fixes #769

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2019-12-10 10:21:35 +01:00
parent 3a738b7070
commit 466c09137b
15 changed files with 240 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/Froxlor/Cron/Http/Lighttpd.php
View File

@@ -432,7 +432,7 @@ class Lighttpd extends HttpConfigBase
protected function getVhostContent($domain, $ssl_vhost = false, $ipid = 0)
{
if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') {
if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_enabled'] != '1' && $domain['ssl_redirect'] != '1') {
return '';
}
@@ -586,7 +586,7 @@ class Lighttpd extends HttpConfigBase
$ssl_settings .= 'ssl.use-sslv2 = "disable"' . "\n";
$ssl_settings .= 'ssl.use-sslv3 = "disable"' . "\n";
$ssl_settings .= 'ssl.cipher-list = "' . $ssl_cipher_list . '"' . "\n";
$ssl_settings .= 'ssl.honor-cipher-order = "enable"' . "\n";
$ssl_settings .= 'ssl.honor-cipher-order = ' . ($domain['ssl_honorcipherorder'] == '1' ? '"enable"' : '"disable"') . "\n";
$ssl_settings .= 'ssl.pemfile = "' . \Froxlor\FileDir::makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";
if ($domain['ssl_ca_file'] != '') {