nixos/nextcloud: for nc26 it's not necessary anymore to set enableBrokenCiphersForSSE
to false
This commit is contained in:
parent
430f1dcdbd
commit
0abc5bcc7e
@ -132,7 +132,9 @@ Auto updates for Nextcloud apps can be enabled using
|
||||
Nextcloud supports [server-side encryption (SSE)](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html).
|
||||
This is not an end-to-end encryption, but can be used to encrypt files that will be persisted
|
||||
to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3
|
||||
for PHP's openssl extension because this is implemented using the legacy cipher RC4.
|
||||
for PHP's openssl extension and **Nextcloud 25 or older** because this is implemented using the
|
||||
legacy cipher RC4. For Nextcloud26 this isn't relevant anymore, because Nextcloud has an RC4 implementation
|
||||
written in native PHP and thus doesn't need `ext-openssl` for that anymore.
|
||||
If [](#opt-system.stateVersion) is *above* `22.05`,
|
||||
this is disabled by default. To turn it on again and for further information please refer to
|
||||
[](#opt-services.nextcloud.enableBrokenCiphersForSSE).
|
||||
|
@ -712,6 +712,10 @@ in {
|
||||
See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.
|
||||
|
||||
For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470
|
||||
'')
|
||||
++ (optional (cfg.enableBrokenCiphersForSSE && versionAtLeast cfg.package.version "26") ''
|
||||
Nextcloud26 supports RC4 without requiring legacy OpenSSL, so
|
||||
`services.nextcloud.enableBrokenCiphersForSSE` can be set to `false`.
|
||||
'');
|
||||
|
||||
services.nextcloud.package = with pkgs;
|
||||
|
Loading…
Reference in New Issue
Block a user