diff options
| author | Maximilian Bosch <maximilian@mbosch.me> | 2023-04-20 12:10:37 +0200 |
|---|---|---|
| committer | Maximilian Bosch <maximilian@mbosch.me> | 2023-04-20 12:20:52 +0200 |
| commit | 0abc5bcc7ed8db1ef23165c6ade0d65858b415cf (patch) | |
| tree | 3be27f131748206b9889c7f0bac0f2ff54053c33 /nixos | |
| parent | 430f1dcdbd362d9c37ba516edbb395570df47339 (diff) | |
nixos/nextcloud: for nc26 it's not necessary anymore to set `enableBrokenCiphersForSSE` to `false`
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/web-apps/nextcloud.md | 4 | ||||
| -rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/nextcloud.md b/nixos/modules/services/web-apps/nextcloud.md index 7ef3cca281f9e..15c1f2da2724b 100644 --- a/nixos/modules/services/web-apps/nextcloud.md +++ b/nixos/modules/services/web-apps/nextcloud.md @@ -132,7 +132,9 @@ Auto updates for Nextcloud apps can be enabled using Nextcloud supports [server-side encryption (SSE)](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html). This is not an end-to-end encryption, but can be used to encrypt files that will be persisted to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3 - for PHP's openssl extension because this is implemented using the legacy cipher RC4. + for PHP's openssl extension and **Nextcloud 25 or older** because this is implemented using the + legacy cipher RC4. For Nextcloud26 this isn't relevant anymore, because Nextcloud has an RC4 implementation + written in native PHP and thus doesn't need `ext-openssl` for that anymore. If [](#opt-system.stateVersion) is *above* `22.05`, this is disabled by default. To turn it on again and for further information please refer to [](#opt-services.nextcloud.enableBrokenCiphersForSSE). diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index da1c4b9eae230..2824b7ee24562 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -712,6 +712,10 @@ in { See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this. For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470 + '') + ++ (optional (cfg.enableBrokenCiphersForSSE && versionAtLeast cfg.package.version "26") '' + Nextcloud26 supports RC4 without requiring legacy OpenSSL, so + `services.nextcloud.enableBrokenCiphersForSSE` can be set to `false`. ''); services.nextcloud.package = with pkgs; |