Merge pull request #2698 from aaly00/master

Add DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL Option
2020-09-21 21:54:28 +08:00 · 2020-09-21 21:54:28 +08:00 · 3544f943c0
commit 3544f943c0
parent 3e4c2ca6ec 9875842e02
2 changed files with 13 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -248,6 +248,7 @@ services:
          - INSTALL_WKHTMLTOPDF=${PHP_FPM_INSTALL_WKHTMLTOPDF}
          - INSTALL_XHPROF=${PHP_FPM_INSTALL_XHPROF}
          - INSTALL_XMLRPC=${PHP_FPM_INSTALL_XMLRPC}
+          - DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=${PHP_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL}
          - PUID=${PHP_FPM_PUID}
          - PGID=${PHP_FPM_PGID}
          - LOCALE=${PHP_FPM_DEFAULT_LOCALE}
--- a/php-fpm/Dockerfile
+++ b/php-fpm/Dockerfile
@ -921,6 +921,18 @@ RUN if [ ${INSTALL_XMLRPC} = true ]; then \
    docker-php-ext-install xmlrpc \
 ;fi

+###########################################################################
+# Downgrade Openssl:
+###########################################################################
+
+ARG DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=false
+
+RUN if [ ${DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL} = true ]; then \
+    sed -i 's,^\(MinProtocol[ ]*=\).*,\1'TLSv1.2',g' /etc/ssl/openssl.cnf \
+    && \
+    sed -i 's,^\(CipherString[ ]*=\).*,\1'DEFAULT@SECLEVEL=1',g' /etc/ssl/openssl.cnf\
+;fi
+
 ###########################################################################
 # Check PHP version:
 ###########################################################################