More updated SSL tricks

Back on November 24th I updated SSL for an Apache server. As I'm playing around with lighttpd, I decided to do the same for it. Here's the configuration I came up with for a FreeBSD machine:

~~~~
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4"
~~~~

Results in

~~~~
New, TLSv1/SSLv3, Cipher is DHE-RSA-CAMELLIA256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-CAMELLIA256-SHA
~~~~

originally published at wiki.lewman.is