[Dockerfile] Drop minimum security level back to TLS 1.0
Debian increased the minimum security level for OpenSSL from TLS 1.0
to TLS 1.2 [1] which also affects the Debian-based PHP image for Docker.

This change can break some bridges which have to connect to servers with
lower security level. Since all browsers still connect to these servers,
so should RSS-Bridge.

Note that according to [2] Mozilla, Firefox, Microsoft, Google and Apple
plan to increase the minimum security level to TLS 1.2 around March 2020.
At this time RSS-Bridge should follow the browser changes.

This commit updates the Dockerfile to automatically drop the minimum
security level back to TLS 1.0.

Based on the solution provided by @theScrabi in #1318

[1] https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
[2] https://salsa.debian.org/ondrej/openssl/blob/553fc8e61f30cd1f7a59dd38c61e1dd4bf58437d/debian/libssl1.1.NEWS
logmanoriginal committed Nov 1, 2019
1 parent 5f64fe2 commit 1df3598
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion Dockerfile
Expand Up @@ -6,6 +6,8 @@ RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" \
&& apt-get --yes update && apt-get --yes install libxml2-dev \
&& docker-php-ext-install -j$(nproc) simplexml \
&& sed -ri -e 's!/var/www/html!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/sites-available/*.conf \
&& sed -ri -e 's!/var/www/!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf
&& sed -ri -e 's!/var/www/!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf \
&& sed -ri -e 's/(MinProtocol\s*=\s*)TLSv1\.2/\1None/' /etc/ssl/openssl.cnf \
&& sed -ri -e 's/(CipherString\s*=\s*DEFAULT)@SECLEVEL=2/\1/' /etc/ssl/openssl.cnf

COPY --chown=www-data:www-data ./ /app/
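
Review bot: the MinProtocol substitution writes None rather than TLSv1, so the image ends up with no configured protocol floor at all, while the commit message says the level is dropped back to TLS 1.0; using \1TLSv1 as the replacement would match the stated intent. Both new sed expressions also exit successfully when the pattern does not match (for example if the base image ships a different default or spacing in /etc/ssl/openssl.cnf), so a following grep on that file that fails the build would make sure the change was actually applied. The CipherString edit removes @SECLEVEL=2 from the system-wide OpenSSL configuration, which affects every OpenSSL client in the image and not only the bridges that need it; a comment in the Dockerfile recording the reason, and that the two lines should be dropped when browsers move to TLS 1.2 (around March 2020 per the commit message), would help the next maintainer.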
