diff --git a/src/etc/dh-parameters.1024 b/src/etc/dh-parameters.1024
index 3148f4c5e..03ddceb58 100644
--- a/src/etc/dh-parameters.1024
+++ b/src/etc/dh-parameters.1024
@@ -1,5 +1,5 @@
 -----BEGIN DH PARAMETERS-----
-MIGHAoGBAINPWm4z+KHppuzSZFjreaLrKdI/wkP0ojutrSlkiszXsGkbU6++GB1C
-7ZH2ZVpSIo4z31XyQnlraIkyY2pAItxqN8ozWaz84QLSHcwVcWKDEU7ZP0ISyTep
-alnFPGG8nJBSzxch+7H3HOfM68y6kfMtFDWuZtYj/9Zw4W42fVDLAgEC
+MIGHAoGBANl0O/jYGYAnQRtxvQ97D2bt7nraWGbn877Fy7+/7DWhLVAR8tgAUaXo
+Z5usvCot++T2FCryeGwQjXirwy1sahSZFKUQ6kG5n09fVOY9oI8HQ1SsTjemEetG
+Aqa0VbcVvll2K0nY1p8OJPGlEWmeBi21OSv5ZYjnxigvc38brIw7AgEC
 -----END DH PARAMETERS-----
diff --git a/src/etc/dh-parameters.2048 b/src/etc/dh-parameters.2048
index f0e1a5d35..aa2311843 100644
--- a/src/etc/dh-parameters.2048
+++ b/src/etc/dh-parameters.2048
@@ -1,8 +1,8 @@
 -----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAmWwXhRjeqPYl1TvXeKZt5W8MHe0keJK7wC+uPMxpGFVXlvPnWdN+
-W/GyimtD2rHYWF1gyr5IbhiEkXSAuTCnwokwz9XiNQ3hKY/iwTPDo0Go8beB5Ezr
-wz8DibSIv93Va5C+fHzwosuwTAqaOgpOzPqSmVS/UmUATssxOuCK6Crv7YyA5knW
-v0JsJK3VfloeXq/p4skn/KRgL2twO5puJvZWGycMd3cv9+afsWjES/ItwzEHNSEG
-sPen/kNDB4nH+WFKdXnP3fUAqPZCxiqaBC+UnuHngm7Se4smc7DeJkUsed7NLIeg
-zDZ0a3bKZ3UB0lcLGbqXIhh74TtFQ1egmwIBAg==
+MIIBCAKCAQEA7RQUrHIRzq0Xvaq+08JJ/oMwnWnKMDh7yKArgyBG71Bi5Gl/EeJl
+glIUtEsW5nHjrbQhaJf9oC2G/zTK7xrtuURTcQVxQjA1xXAYMrAeMFV+vYKgoHj6
+brkqW0ivb3tSNUAZOMzAToXDZtCo4dhee9ZU+ZrdOpTTTpxX0S4kGGgN4qdCiDJm
+IzUp8WUl8prnhdFzDlVmYfzep8gXdvFsCYOczpjV66godQWtSaO6+ntCEg2DK1o+
+W7EM8yN85yzy8MLbpc6oYzoaASSQGdYUuMtzVvaHKGueEv2bjUJ7CMSZXkd2z3c7
+d56EajFmu8xlsUnvmXi3831RwBJH20LcewIBAg==
 -----END DH PARAMETERS-----
diff --git a/src/etc/dh-parameters.4096 b/src/etc/dh-parameters.4096
index 30058a136..e868369ee 100644
--- a/src/etc/dh-parameters.4096
+++ b/src/etc/dh-parameters.4096
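Review bot: In src/etc/dh-parameters.1024 the regenerated group is, going by the file name, still only 1024 bits, a size the Logjam research showed to be within reach of precomputation by well-resourced attackers; swapping in a new prime does not change that. The new primes in this file and in the dh-parameters.2048 and dh-parameters.4096 hunks are committed to the repository, so every installation built from this tree shares the same groups and regenerating them in-tree gives no per-system uniqueness. Which services load the 1024-bit file is not visible in this diff; any that do would be better pointed at the 2048-bit file, or at parameters generated on the device (for example with `openssl dhparam`), and the 1024-bit file could then be dropped.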
@@ -1,13 +1,13 @@
 -----BEGIN DH PARAMETERS-----
-MIICCAKCAgEA1G0VaCFVkFFPB0pL1Y6NtAlysfvZaAXXmmJ89Xy5wrNLEZfTdmqT
-NmABAhr0DD6+1rcI5d4LriRLhTFf77COjW/+FelEA5BZBsoQDL6QsxWt4VoLT6uK
-bKVkbtwKycz0uOU1areS5gWHF71KRmKgooOuY2yl7a75uLn4QYCS7hKLXsAIB8eC
-63nl81T5gXOAc3hMiKrk8hKLUA6zkMfqWIpG06wvicaPlg8GyQavwGxONDNl/Y2r
-XyRoh/4ja7Moz0tUCmZV+iKtGgq5wekJ1fCN3zhXPX6h6WujoYqzcCmPLFCuIuEa
-kxRy9XaDTe8V40p1RDc4yMYQrl2hxrO8YPRBewigILYxEfe+51qE5Sb//UZszwNL
-kIhW9ObfAkotXoH81xke4EN0RX+rVK1ZYbeBIDCn62ZqNsUVkMh5Otsh0TiK7SP9
-O14IflklQqpyYc+aHMNknhsN30MFV3aD/785QS8zcWUdSdQeZlbjjFgJ4Xpt+r3p
-X6Vv8cwEh8qDHn2CaOfZtyTx2V3B2LU1sJZQ9ynVzlxy2clQcVboXPM1xNgzHSsd
-bFgPMJUAq9VjLGrbN6a3NqWwXnQPMuczX1G3T690fKF55e/boIAXZD1hEZqKt1f0
-DuCwyf/D4CEGyHhHIdVm7f1kTaErWzSgqcc2wGsjFi3ABTG2byxTnSsCAQI=
+MIICCAKCAgEAuyZ+CFkBpcDArpt1oXlt8OgPLw/YMgnz5l5DHTVLOy25ndDhwU9Z
+IDmMAG6EDK/44duQ85G1e1j350Vj7dXQ55dDsr7+3hnEfv/sA/yak44fc6Sln8lZ
+wnsEl0ehLdunUDdWhBhXip6gg0TjtwSTLu9jz5VMahN9bI9ffI7Jhndx4abjtNVi
+Km+cb0ivuKxoy1odCvZCbEXQMYEx3iqER4XwfuryHdj6gz20WdpJdIYZSivArTL2
+ZsBrE1VO0HNboSX41FSkIT/H4gozvTczjefTec4787cKMoHPGNMcE6y4+I1G2m3Z
+XZvSLkx4+STxqdpAxvUsmgCTkpYn8geHJd2OAN25pEhvOGnsbIuWW01bKO0nGNdO
+HWlTDqYB2W86u9JAgr+3cMyTv2EMEOz7/YB3yzI91S5s+LeNDJJDVYRCBnLjB6G4
+zISLESIqORcYUNkW63XvNFKVSfeY+SYjVqrFw/N0CeleJIcrTfLKWqdNBxlZH1Ef
+7xYpfH+o3se2yZSOMNKB6+hAlhUss3bKTkM68OFR4eWWFkAb0Nd4nNgED7WZpObd
+ewYEY+7ZNCYhD7o+gZ/QDTaqun7UwQ1AvDpyoU3H9WdBzQ46MhIpb6R2T8vfY6TR
+mEO6DZRBo1DKlfCEvyN/ybBTBRHdckFIT+OzRfoQAH4XCG5iujeEDZMCAQI=
 -----END DH PARAMETERS-----
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index c296f008b..f57133b1e 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -1172,26 +1172,7 @@ EOD;
 // Harden SSL a bit for PCI conformance testing
 $lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
- /* Hifn accelerators do NOT work with the BEAST mitigation code. Do not allow it to be enabled if a Hifn card has been detected. */
- $fd = @fopen('/var/run/dmesg.boot', 'r');
- if ($fd) {
- while (!feof($fd)) {
- $dmesgl = fgets($fd);
- if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches) && isset($config['system']['webgui']['beast_protection'])) {
- unset($config['system']['webgui']['beast_protection']);
- log_error("BEAST Protection disabled because a conflicting cryptographic accelerator card has been detected (" . $matches[1] . ")");
- break;
- }
- }
- fclose($fd);
- }
-
- if (isset($config['system']['webgui']['beast_protection'])) {
- $lighty_config .= "ssl.honor-cipher-order = \"enable\"\n";
- $lighty_config .= "ssl.cipher-list = \"ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM\"\n";
- } else {
- $lighty_config .= "ssl.cipher-list = \"DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:!aNULL:!eNULL:!3DES:@STRENGTH\"\n";
- }
+ $lighty_config .= 'ssl.cipher-list = 
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"' . PHP_EOL;
 if(!(empty($ca) || (strlen(trim($ca)) == 0))) $lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
diff --git a/src/www/system_advanced_admin.php b/src/www/system_advanced_admin.php
index 08c0ec800..063cab1b7 100644
--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@@ -43,7 +43,6 @@ $pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
 $pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
 $pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']);
 $pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']);
-$pconfig['beast_protection'] = isset($config['system']['webgui']['beast_protection']);
 $pconfig['enable_xdebug'] = isset($config['system']['webgui']['enable_xdebug']) ;
 $pconfig['loginautocomplete'] = isset($config['system']['webgui']['loginautocomplete']);
 $pconfig['althostnames'] = $config['system']['webgui']['althostnames'];
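Review bot: In the src/etc/inc/system.inc hunk, `ssl.honor-cipher-order` is no longer emitted anywhere in the visible lines, because the removed BEAST branch was the only place that set it; unless the lighttpd build in use defaults to server order, the ordering of the new list (ECDHE and GCM suites first) is only a suggestion to the client, so I would emit `$lighty_config .= "ssl.honor-cipher-order = \"enable\"\n";` unconditionally just before the `ssl.cipher-list` line. The new list also admits `DES-CBC3-SHA`, whereas the old default list carried `!3DES`; if that is deliberate for legacy browsers it deserves a one-line comment naming the source of the list, otherwise the suite should be dropped. The list enables DHE suites but no `ssl.dh-file` appears in the visible lines, so whether the web GUI actually uses the regenerated dh-parameters files, rather than the server's built-in group, cannot be confirmed from this hunk. The enclosing function starts and ends outside the hunk.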
@@ -163,11 +162,6 @@ if ($_POST) {
 else
 unset($config['system']['webgui']['nohttpreferercheck']);
- if ($_POST['beast_protection'] == "yes")
- $config['system']['webgui']['beast_protection'] = true;
- else
- unset($config['system']['webgui']['beast_protection']);
-
 if ($_POST['enable_xdebug'] == "yes") {
 $config['system']['webgui']['enable_xdebug'] = true;
 } else {
@@ -255,21 +249,6 @@ if ($_POST) {
 }
 }
-unset($hwcrypto);
-$fd = @fopen('/var/run/dmesg.boot', 'r');
-if ($fd) {
- while (!feof($fd)) {
- $dmesgl = fgets($fd);
- if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches)) {
- unset($pconfig['beast_protection']);
- $disable_beast_option = "disabled";
- $hwcrypto = $matches[1];
- break;
- }
- }
- fclose($fd);
-}
-
 $pgtitle = array(gettext("System"),gettext("Settings"),gettext("Admin Access"));
 include("head.inc");
@@ -469,22 +448,6 @@ include("head.inc"); "webConfigurator access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from Wikipedia."); ?> -