make ssl-cipher-list an option, fixes #1274 ; improve ssl-related language-strings; setting version to 0.9.30 for release

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-10-24 19:45:13 +02:00
parent b81d163e1d
commit 6ac4b87a84
10 changed files with 76 additions and 51 deletions
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -339,7 +339,7 @@ class apache
 						$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
 						// this makes it more secure, thx to Marcel (08/2013)
 						$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
-						$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH' . "\n";
+						$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . $this->settings['system']['ssl_cipher_list'] . "\n";
 						$this->virtualhosts_data[$vhosts_filename] .= ' SSLVerifyDepth 10' . "\n";
 						$this->virtualhosts_data[$vhosts_filename] .= ' SSLCertificateFile ' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . "\n";

@@ -716,7 +716,7 @@ class apache
 				$vhost_content .= '  SSLEngine On' . "\n";
 				// this makes it more secure, thx to Marcel (08/2013)
 				$vhost_content .= '  SSLHonorCipherOrder On' . "\n";
-				$vhost_content .= '  SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH' . "\n";
+				$vhost_content .= '  SSLCipherSuite ' . $this->settings['system']['ssl_cipher_list'] . "\n";
 				$vhost_content .= '  SSLVerifyDepth 10' . "\n";
 				$vhost_content .= '  SSLCertificateFile ' . makeCorrectFile($domain['ssl_cert_file']) . "\n";

--- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
+++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
@@ -182,6 +182,9 @@ class lighttpd

 				if ($row_ipsandports['ssl_cert_file'] != '') {
 					$this->lighttpd_data[$vhost_filename].= 'ssl.engine = "enable"' . "\n";
+					$this->lighttpd_data[$vhost_filename].= 'ssl.use-sslv2 = "disable"' . "\n";
+					$this->lighttpd_data[$vhost_filename].= 'ssl.cipher-list = "' . $this->settings['system']['ssl_cipher_list'] . '"' . "\n";
+					$this->lighttpd_data[$vhost_filename].= 'ssl.honor-cipher-order = "enable"' . "\n";
 					$this->lighttpd_data[$vhost_filename].= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n";

 					if ($row_ipsandports['ssl_ca_file'] != '') {
@@ -512,6 +515,9 @@ class lighttpd
 			
 			if ($domain['ssl_cert_file'] != '') {
 				$ssl_settings.= 'ssl.engine = "enable"' . "\n";
+				$ssl_settings.= 'ssl.use-sslv2 = "disable"' . "\n";
+				$ssl_settings.= 'ssl.cipher-list = "' . $this->settings['system']['ssl_cipher_list'] . '"' . "\n";
+				$ssl_settings.= 'ssl.honor-cipher-order = "enable"' . "\n";
 				$ssl_settings.= 'ssl.pemfile = "' . makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n";

 				if ($domain['ssl_ca_file'] != '') {
--- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php
+++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php
@@ -506,7 +506,7 @@ class nginx
 			// obsolete: ssl on now belongs to the listen block as 'ssl' at the end
 			//$sslsettings .= "\t" . 'ssl on;' . "\n";
 			$sslsettings .= "\t" . 'ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;' . "\n";
-			$sslsettings .= "\t" . 'ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA;' . "\n";
+			$sslsettings .= "\t" . 'ssl_ciphers ' . $this->settings['system']['ssl_cipher_list'] . ';' . "\n";
 			$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
 			$sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain['ssl_cert_file']) . ';' . "\n";

@@ -515,7 +515,7 @@ class nginx
 			}

 			if ($domain['ssl_ca_file'] != '') {
-				$sslsettings.= 'ssl_client_certificate ' . makeCorrectFile($domain['ssl_ca_file']) . ';' . "\n";
+				$sslsettings.= "\t" . 'ssl_client_certificate ' . makeCorrectFile($domain['ssl_ca_file']) . ';' . "\n";
 			}
 		}

--- a/scripts/jobs/cron_tasks.php
+++ b/scripts/jobs/cron_tasks.php
@@ -87,6 +87,13 @@ while ($row = $db->fetch_array($result_tasks)) {
 		} else {
 			echo "Please check you Webserver settings\n";
 		}
+
+		/**
+		 * as we might have a change from mod_php to fcgid/fpm or the other way around
+		 * we need to check customer directory permissions
+		 * -> 0.9.31
+		 */
+
 	}

 	/**
@@ -387,14 +394,11 @@ while ($row = $db->fetch_array($result_tasks)) {
 	}
 }

-if($db->num_rows($result_tasks) != 0)
-{
+if ($db->num_rows($result_tasks) != 0) {
 	$where = array();
-	foreach($resultIDs as $id)
-	{
+	foreach ($resultIDs as $id) {
 		$where[] = '`id`=\'' . (int)$id . '\'';
 	}
-
 	$where = implode($where, ' OR ');
 	$db->query('DELETE FROM `' . TABLE_PANEL_TASKS . '` WHERE ' . $where);
 	unset($resultIDs);