#######################################################################
##
##  TLS Support
## -------------
##
## https://wiki.lighttpd.net/Docs_SSL
##
## To enable TLS, choose *one* of the lighttpd TLS/SSL modules, provide
## a valid certificate, and enable ssl.engine on listening address(es).
##
server.modules += ( "mod_openssl" )
#server.modules += ( "mod_gnutls" )
#server.modules += ( "mod_mbedtls" )
#server.modules += ( "mod_wolfssl" )
#server.modules += ( "mod_nss" )

## ssl.pemfile should contain the sorted certificate chain, including
## intermediate certificates, as provided by the certificate issuer.
## If both privkey and cert are in same file, specify only ssl.pemfile.
#ssl.privkey = "/FILL/IN/path/to/privkey.pem"
#ssl.pemfile = "/FILL/IN/path/to/fullchain.pem"

## lighttpd TLS defaults are strict and compatible with modern clients.
## If your organization requires use of system-managed TLS defaults to
## override lighttpd TLS defaults, use "CipherString" => "PROFILE=SYSTEM"
#ssl.openssl.ssl-conf-cmd += ("CipherString" => "PROFILE=SYSTEM")

## enable TLS on specified listening addresses
#$SERVER["socket"] == "*:443" {
#  ssl.engine  = "enable"
#}
#$SERVER["socket"] == "[::]:443" {
#  ssl.engine  = "enable"
#}

##
#######################################################################