AnnoyingTechnology / lighttpd-backport-debian-9-stretch

Backported versions of lighttpd for Debian9 (Newer versions)
GNU General Public License v3.0
0 stars 0 forks source link

Ondrej's PHP repository #2

Open Lioxen opened 5 years ago

Lioxen commented 5 years ago

As you certainly know the lighttpd is broken, if you use Ondrej's repro. So I tried your version. But I have still the ssl problem. If a firefox user calls my site, I get still following error: 2019-01-08 08:55:57: (server.c.1457) server started (lighttpd/1.4.52) 2019-01-08 08:56:12: (mod_openssl.c.1458) SSL: renegotiation initiated by client, killing connection

The only workaround is to switch off TSL 1.3 in the lighttpd.conf

I thought since version 1.4.51 this problem is fixed?

AnnoyingTechnology commented 5 years ago

Sorry, the only thing this backport allows you to do, is to have the feature that allows you to disable 1.3, which was lacking from Debian/stable. So this at least allows users to connect and prevents errors due to conflicting openssl lib from Ondrej's/sury repository.

I haven't digged more since, we have switched to nginx which has a .deb repository straight from it's developers, hence ensuring that you always have an up-to-date and secure version.

If you are interested, here are template configurations files. https://github.com/AnnoyingTechnology/nginx-configuration-template

AnnoyingTechnology commented 5 years ago

I tried to contact the mainainer of lighttpd for debian, but the package is orphaned. Someone else also tried here apprently : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913558