Change cipher algo by default (CAMELLIA)

Status
Not open for further replies.

djoole

Contributor
Joined
Oct 3, 2011
Messages
158
I would like FreeNAS to use AES256 instead of CAMELLIA during SSL communications

I tried to add the following lines in /usr/local/etc/lighttpd/lighttpd.conf :
ssl.use-sslv2 = "disable"
ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"

But my HTTPS pages are still encrypted with CAMELLIA_256_CBC

Any idea how to set this up?
 

freenasSYS

Cadet
Joined
Jul 4, 2012
Messages
2
I am not sure if /usr/local/etc/lighttpd/lighttpd.conf would persist across reboots, but if it does that's fine.
Here is what works for me:

Add the following to /conf/base/etc/lighttpd/lighttpd.conf (insert near ssl engine)
◦ ssl.use-sslv2 = "disable"
◦ ssl.use-sslv3 = "disable"
◦ ssl.cipher-list = "HIGH !DSS !3DES !MD5 !aNULL !eNULL !AES128-SHA !CAMELLIA128-SHA !DHE-RSA-CAMELLIA128-SHA !DHE-RSA-AES128-SHA"

◦ Note: the above cipher-list must be all on one line (no new lines)

So you would probably have to do !CAMELLIA256-SHA to disable CAMELLIA
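
Added example, not part of either post: a way to see which suites a cipher-list string expands to on the local OpenSSL build before putting it in lighttpd.conf, and whether any CAMELLIA suites remain. The appended `!CAMELLIA` keyword and the helper names are assumptions of this example; results depend on the OpenSSL that Python is linked against, which may differ from the one on the FreeNAS box.

```python
import ssl

# Cipher list quoted from the reply above (value of lighttpd's ssl.cipher-list).
POSTED_LIST = (
    "HIGH !DSS !3DES !MD5 !aNULL !eNULL !AES128-SHA "
    "!CAMELLIA128-SHA !DHE-RSA-CAMELLIA128-SHA !DHE-RSA-AES128-SHA"
)
# Assumption of this example: exclude the whole CAMELLIA family with
# OpenSSL's CAMELLIA keyword instead of naming suites one by one.
NO_CAMELLIA_LIST = POSTED_LIST + " !CAMELLIA"


def expand(cipher_list):
    """Return the suite names the local OpenSSL selects for a cipher string.

    OpenSSL accepts spaces as separators, so the lighttpd value is passed as-is.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError:
        # The string matched no usable suite in this OpenSSL build.
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def camellia_left(cipher_list):
    """Return the CAMELLIA suites that survive the given cipher string."""
    return [name for name in expand(cipher_list) if "CAMELLIA" in name.upper()]


if __name__ == "__main__":
    for label, value in (("posted list", POSTED_LIST),
                         ("with !CAMELLIA", NO_CAMELLIA_LIST)):
        suites = expand(value)
        leftover = camellia_left(value)
        print(f"{label}: {len(suites)} suites, CAMELLIA remaining: {leftover or 'none'}")
```
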
 