maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

add dhparams for webserver/ssl, refs #519

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2018-11-18 20:34:53 +01:00
parent 776bb56b24
commit b032f5b2ba
10 changed files with 71 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scripts/jobs/cron_tasks.inc.http.30.nginx.php
View File

@@ -625,6 +625,13 @@ class nginx extends HttpConfigBase
// $sslsettings .= "\t" . 'ssl on;' . "\n";
$sslsettings .= "\t" . 'ssl_protocols ' . str_replace(",", " ", Settings::Get('system.ssl_protocols')) . ';' . "\n";
$sslsettings .= "\t" . 'ssl_ciphers ' . Settings::Get('system.ssl_cipher_list') . ';' . "\n";
if (!empty(Settings::Get('system.dhparams_file'))) {
$dhparams = makeCorrectFile(Settings::Get('system.dhparams_file'));
if (!file_exists($dhparams)) {
safe_exec('openssl dhparam -out '.escapeshellarg($dhparams).' 4096');
}
$sslsettings .= 'ssl_dhparam ' . $dhparams . ';' . "\n";
}
$sslsettings .= "\t" . 'ssl_ecdh_curve secp384r1;' . "\n";
$sslsettings .= "\t" . 'ssl_prefer_server_ciphers on;' . "\n";
$sslsettings .= "\t" . 'ssl_certificate ' . makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";