GUI: match cipher suites and commands (#5993)

kulikov-a 2022-08-27 16:06:39 +03:00 committed by GitHub
parent 244cd1f040
commit 840ddc52f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -411,14 +411,21 @@ ssl.openssl.ssl-conf-cmd = (
EOD;
} else {
$lighty_config .= <<<EOD
ssl.openssl.ssl-conf-cmd = (
"MinProtocol" => "TLSv1",
"CipherString" => "{$config['system']['webgui']['ssl-ciphers']}"
)
EOD;
// use the same supported ciphers source as system_advanced_admin.php page do (its not a full list. but its openssl defaults)
$sys_ciphers = json_decode(configd_run("system ssl ciphers"), true);
$tls13_suites = array_keys(array_filter($sys_ciphers, function($val) { return $val['version'] == "TLSv1.3"; }));
$suites_selected = explode(":", $config['system']['webgui']['ssl-ciphers']);
$tls_suites_selected = array_diff($suites_selected, $tls13_suites);
$tls13_suites_selected = array_intersect($tls13_suites,$suites_selected);
$lighty_config .= "ssl.openssl.ssl-conf-cmd = (\n";
$lighty_config .= " \"MinProtocol\" => \"TLSv1\"";
if ($tls13_suites_selected) {
$lighty_config .= ",\n \"Ciphersuites\" => \"" . implode(":", $tls13_suites_selected) . "\"";
}
if ($tls_suites_selected) {
$lighty_config .= ",\n \"CipherString\" => \"" . implode(":", $tls_suites_selected) . "\"";
}
$lighty_config .= "\n)\n";
}
if (!empty($config['system']['webgui']['ssl-hsts'])) {
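Review bot: `$sys_ciphers` is passed to `array_filter` unchecked: if `configd_run("system ssl ciphers")` returns an empty or non-JSON reply, `json_decode` yields null and the `array_filter` call fails (a TypeError on PHP 8), so the web GUI configuration would not be generated. Suggest `$sys_ciphers = json_decode(configd_run("system ssl ciphers"), true) ?: [];` together with an explicit decision on what to emit when the list is unavailable. The selected names are also written into the quoted lighttpd strings exactly as stored; restricting them with `$suites_selected = array_intersect($suites_selected, array_keys($sys_ciphers));` would keep unknown names or a stray `"` out of the generated file. When only TLS 1.3 suites are selected no `CipherString` is written, so with `MinProtocol` at TLSv1 the older protocols presumably remain available with OpenSSL's default ciphers (and the reverse for `Ciphersuites`), which may not match the administrator's intent and deserves a comment or an explicit restriction. The enclosing if/else begins above the hunk and the `if` on the last line continues below it.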