summaryrefslogtreecommitdiff
path: root/doc/config/lighttpd.conf
diff options
context:
space:
mode:
authorArno Töll <arno@debian.org>2013-10-15 20:19:04 +0200
committerArno Töll <arno@debian.org>2013-10-15 20:19:04 +0200
commit1380410981681f011377225708e9c530330fd5a0 (patch)
tree7dd371bc4cac8910130e4ee0f4508bc519f1778d /doc/config/lighttpd.conf
parent5b23e76990e58208a01c2a5362362575bc12b397 (diff)
downloadlighttpd-1380410981681f011377225708e9c530330fd5a0.tar.gz
Imported Upstream version 1.4.33upstream/1.4.33upstream
Diffstat (limited to 'doc/config/lighttpd.conf')
-rw-r--r--doc/config/lighttpd.conf13
1 files changed, 8 insertions, 5 deletions
diff --git a/doc/config/lighttpd.conf b/doc/config/lighttpd.conf
index 47d6729..5f901f1 100644
--- a/doc/config/lighttpd.conf
+++ b/doc/config/lighttpd.conf
@@ -391,6 +391,14 @@ server.upload-dirs = ( "/var/tmp" )
## hosting with SSL. If you want to run multiple SSL servers with
## one lighttpd instance you must use IP-based virtual hosting: ::
##
+## Mitigate CVE-2009-3555 by disabling client triggered renegotation
+## This is enabled by default.
+##
+## IMPORTANT: this setting can only be used in the global scope.
+## It does *not* work inside conditionals
+##
+# ssl.disable-client-renegotiation = "enable"
+##
## $SERVER["socket"] == "10.0.0.1:443" {
## ssl.engine = "enable"
## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
@@ -408,11 +416,6 @@ server.upload-dirs = ( "/var/tmp" )
## #
## # ssl.honor-cipher-order = "enable"
## #
-## # Mitigate CVE-2009-3555 by disabling client triggered renegotation
-## # This is enabled by default.
-## #
-## # ssl.disable-client-renegotiation = "enable"
-## #
## server.name = "www.example.com"
##
## server.document-root = "/srv/www/vhosts/example.com/www/"