Restrict lighttpd to strong TLS cipher suites
Follow-up from #559 (closed), GitHub PR #59 and GitHub PR #63.
Since lighttpd version 1.4.56, the reasonable default TLS configuration is:
"MinProtocol" => "TLSv1.2"
"CipherString" => "HIGH"
We could consider restricting the list of cipher suites to strong ciphers only, as OpenSSL's HIGH
includes not-so-high cipher suites as well...
The list of cipher suites could be something like:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-CCM8
ECDHE-ECDSA-AES256-CCM8
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-CCM8
DHE-RSA-AES256-CCM8
DHE-RSA-CHACHA20-POLY1305
together with strong DH parameters (> 1024 bit).
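To see which suites a given OpenSSL build's HIGH would still offer outside the list above, the following added example (not code from this issue or from lighttpd) audits `openssl ciphers -v` output against that list and prints the matching CipherString value. The sample lines are constructed in the format `openssl ciphers -v` prints, and the function names are hypothetical.

```python
"""Audit `openssl ciphers -v` output against the allowlist proposed above."""
import sys

# Allowlist copied from the issue text.
PROPOSED = """
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-CCM8 ECDHE-ECDSA-AES256-CCM8
ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-CCM8 DHE-RSA-AES256-CCM8 DHE-RSA-CHACHA20-POLY1305
""".split()

# Constructed sample in the column format of `openssl ciphers -v 'HIGH'`;
# real output is longer and depends on the OpenSSL build.
SAMPLE = """\
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
"""

FS_KX = {"ECDH", "DH", "ECDHEPSK", "DHEPSK"}  # ephemeral key exchanges

def parse(text):
    """Yield (suite, attrs) per line; TLS 1.3 suites are skipped because
    CipherString only governs TLS 1.2 and older."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[1] == "TLSv1.3":
            continue
        yield fields[0], dict(f.split("=", 1) for f in fields[2:] if "=" in f)

def weaknesses(attrs):
    """Name the properties that keep a suite out of the strong set."""
    out = []
    if attrs.get("Kx") not in FS_KX:
        out.append(f"no forward secrecy (Kx={attrs.get('Kx')})")
    if attrs.get("Mac") != "AEAD":
        out.append(f"non-AEAD (Mac={attrs.get('Mac')})")
    return out

def audit(text, allow=PROPOSED):
    """Return {suite: [reasons]} for offered suites outside the allowlist."""
    return {n: weaknesses(a) for n, a in parse(text) if n not in allow}

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, reasons in audit(text).items():
        print(f"{name}: {', '.join(reasons) or 'outside allowlist'}")
    print("CipherString:", ":".join(PROPOSED))
```

To audit a real build, save the output of `openssl ciphers -v 'HIGH'` to a file and pass its path as the first argument.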