From 9875842e02d9833b3114183c5768941189a88c9e Mon Sep 17 00:00:00 2001
From: Amr Aly
Date: Fri, 4 Sep 2020 15:18:48 -0500
Subject: [PATCH] Add DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL Option

---
 docker-compose.yml | 1 +
 php-fpm/Dockerfile | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 883e244..9d272ea 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -243,6 +243,7 @@ services:
 - INSTALL_WKHTMLTOPDF=${PHP_FPM_INSTALL_WKHTMLTOPDF}
 - INSTALL_XHPROF=${PHP_FPM_INSTALL_XHPROF}
 - INSTALL_XMLRPC=${PHP_FPM_INSTALL_XMLRPC}
+ - DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=${PHP_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL}
 - PUID=${PHP_FPM_PUID}
 - PGID=${PHP_FPM_PGID}
 - LOCALE=${PHP_FPM_DEFAULT_LOCALE}
diff --git a/php-fpm/Dockerfile b/php-fpm/Dockerfile
index 07443f2..ae86704 100644
--- a/php-fpm/Dockerfile
+++ b/php-fpm/Dockerfile
@@ -916,6 +916,18 @@ RUN if [ ${INSTALL_XMLRPC} = true ]; then \
 docker-php-ext-install xmlrpc \
 ;fi
 
+###########################################################################
+# Downgrade Openssl:
+###########################################################################
+
+ARG DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=false
+
+RUN if [ ${DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL} = true ]; then \
+ sed -i 's,^\(MinProtocol[ ]*=\).*,\1'TLSv1.2',g' /etc/ssl/openssl.cnf \
+ && \
+ sed -i 's,^\(CipherString[ ]*=\).*,\1'DEFAULT@SECLEVEL=1',g' /etc/ssl/openssl.cnf\
+;fi
+
 ###########################################################################
 # Check PHP version:
 ###########################################################################
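Review bot: The new build arg reads `${PHP_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL}`, while every neighbouring line in this hunk uses the `PHP_FPM_` prefix, and the diffstat lists only two files, so nothing in this patch defines the variable. If it is unset, Compose substitutes an empty string, which overrides the Dockerfile's `ARG DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=false` default and leaves the unquoted test `[ ${DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL} = true ]` without a left operand. That appears to fail closed, but with a shell error in the build log. I would rename the reference to `${PHP_FPM_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL}` and ship `PHP_FPM_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=false` in the project's example env file, so the weakened setting is explicit and off by default.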
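Review bot: The header comment `# Downgrade Openssl:` does not say what is weakened, and the two `sed` lines rewrite `/etc/ssl/openssl.cnf` for every TLS client in the image rather than for the one connection that needs a legacy peer. `CipherString = DEFAULT@SECLEVEL=1` lowers OpenSSL's floor to roughly 80-bit security, so 1024-bit RSA/DH keys become acceptable. The `MinProtocol` line writes `TLSv1.2`, which is presumably already the base image's default, so despite the option's name it may not lower the protocol floor at all; worth confirming the intent. I would add a comment above the `ARG` such as `# Lowers OpenSSL SECLEVEL to 1 system-wide (accepts 1024-bit keys); enable only to reach legacy endpoints, never for production images.` Both `sed` calls also succeed silently when no `MinProtocol`/`CipherString` line exists, so a following `grep -q 'SECLEVEL=1' /etc/ssl/openssl.cnf` would make a no-op visible at build time.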