Open Lioxen opened 5 years ago
Sorry, the only thing this backport allows you to do, is to have the feature that allows you to disable 1.3, which was lacking from Debian/stable. So this at least allows users to connect and prevents errors due to conflicting openssl lib from Ondrej's/sury repository.
I haven't digged more since, we have switched to nginx which has a .deb repository straight from it's developers, hence ensuring that you always have an up-to-date and secure version.
If you are interested, here are template configurations files. https://github.com/AnnoyingTechnology/nginx-configuration-template
I tried to contact the mainainer of lighttpd for debian, but the package is orphaned. Someone else also tried here apprently : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913558
As you certainly know the lighttpd is broken, if you use Ondrej's repro. So I tried your version. But I have still the ssl problem. If a firefox user calls my site, I get still following error: 2019-01-08 08:55:57: (server.c.1457) server started (lighttpd/1.4.52) 2019-01-08 08:56:12: (mod_openssl.c.1458) SSL: renegotiation initiated by client, killing connection
The only workaround is to switch off TSL 1.3 in the lighttpd.conf
I thought since version 1.4.51 this problem is fixed?