$shcmd .= 'echo \"POLICY:\$POLICY\";';
$shcmd .= 'echo \"CIPHERS:\$CIPHERS\";';
$shcmd .= 'echo \"DHPARAMS:\$DHPARAMS\";';
+ $shcmd .= 'echo \"HONOR_CIPHER_ORDER:\$HONOR_CIPHER_ORDER\";';
my $data = -f $conffile ? `bash -c "$shcmd"` : '';
while ($data =~ s/^(.*)\n//) {
my ($key, $value) = split(/:/, $1, 2);
- next if !$value;
+ next if !defined($value) || $value eq '';
if ($key eq 'ALLOW_FROM' || $key eq 'DENY_FROM') {
my $ips = [];
foreach my $ip (split(/,/, $value)) {
$res->{$key} = $value;
} elsif ($key eq 'DHPARAMS') {
$res->{$key} = $value;
+ } elsif ($key eq 'HONOR_CIPHER_ORDER') {
+ die "unknown value '$value' - use 0 or 1\n" if $value !~ m/^(0|1)$/;
+ $res->{$key} = $value;
} else {
# silently skip everythin else?
}
cipher_list => $proxyconf->{CIPHERS} || 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256',
key_file => '/etc/pve/local/pve-ssl.key',
cert_file => '/etc/pve/local/pve-ssl.pem',
+ honor_cipher_order => $proxyconf->{HONOR_CIPHER_ORDER},
},
# Note: there is no authentication for those pages and dirs!
pages => {