Hi!
I need help with Diffie-Hellman ssl-encryption in pi-hole to use it with https.
Version: lighttpd/1.4.53 (ssl)
This key works with lighttpd:
openssl req -new -x509 -keyout private.pem -out private.pem -days 365 -nodes
lighttpd is running with this key above. (x509)
openssl dhparam -dsaparam -out private-dh.pem 4096
lighttpd did not start with this key (Diffie-Hellman)
Output:
lighttpd[32659]: 2019-08-16 21:25:02: (mod_openssl.c.1282) ssl.pemfile has to be set in same scope as other ssl.* directives, unless only ssl.engine is set, ...
lighttpd[32659]: 2019-08-16 21:25:02: (server.c.1183) Initialization of plugins failed. Going down.
systemd[1]: lighttpd.service: Control process exited, code=exited, status=255/EXCEPTION
systemd[1]: lighttpd.service: Failed with result 'exit-code'.
systemd[1]: Failed to start "lighttpd".
Here is my https-ssl-config in lighttpd.conf:
server.modules += ("mod_openssl")
$SERVER["socket"] == "my-ip-hide:443" {
ssl.engine = "enable"
ssl.disable-client-renegotiation = "enable"
ssl.dh-file = "/path/to/private-dh.pem"
#ssl.pemfile = "/path/to/private.pem"
ssl.ec-curve = "secp384r1"
setenv.add-environment = ( "HTTPS" => "on" )
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.openssl.ssl-conf-cmd = ( "Protocol" => "-TLSv1.1, -TLSv1, -SSLv3" )
setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=15768000;" )
}
#/-REDIRECT-#
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ "." {
url.redirect = ( "." => "https://%0$0" )
}
}
How can I get DH encryption with lighttpd to work?
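
An added example, not part of the original post and not lighttpd's own code: a small Python check that applies the rule quoted in the mod_openssl log line above to each conditional block of a lighttpd.conf. The sample config is constructed from the post's socket block (192.0.2.10 is a placeholder address); the function names and the one-directive-per-line parsing are assumptions.

```python
import re

# Constructed sample: ssl.* lines of the socket block from the post, with a
# documentation address (192.0.2.10) standing in for the hidden IP.
SAMPLE_CONF = """\
server.modules += ("mod_openssl")
$SERVER["socket"] == "192.0.2.10:443" {
    ssl.engine = "enable"
    ssl.dh-file = "/path/to/private-dh.pem"
    #ssl.pemfile = "/path/to/private.pem"
    ssl.ec-curve = "secp384r1"
}  # redirect block follows
$HTTP["scheme"] == "http" {
    url.redirect = ( "." => "https://%0$0" )
}
"""

SSL_KEY = re.compile(r"^(ssl\.[\w.-]+)\s*[+:]?=")

def strip_comment(line):
    """Drop a trailing # comment, ignoring # inside double-quoted strings."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "#" and not in_str:
            return line[:i]
    return line

def scopes_missing_pemfile(conf_text):
    """Return [(block_header, sorted ssl.* keys)] for conditional blocks that
    set ssl.* options other than ssl.engine but no ssl.pemfile.
    Assumes one directive per line and braces at line start/end."""
    findings, stack = [], []
    for raw in conf_text.splitlines():
        line = strip_comment(raw).strip()
        if line.startswith("}") and stack:
            header, keys = stack.pop()
            if keys - {"ssl.engine"} and "ssl.pemfile" not in keys:
                findings.append((header, sorted(keys)))
            line = line[1:].strip()  # allows "} else ... {"
        if line.endswith("{"):
            stack.append((line[:-1].strip(), set()))
        elif stack and (m := SSL_KEY.match(line)):
            stack[-1][1].add(m.group(1))
    return findings

if __name__ == "__main__":
    for header, keys in scopes_missing_pemfile(SAMPLE_CONF):
        print(f"{header}: ssl.pemfile missing; scope sets {', '.join(keys)}")
```

On the sample it reports the `$SERVER["socket"]` block, because the only `ssl.pemfile` line there is commented out while `ssl.dh-file` and `ssl.ec-curve` are set.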