From 137ba77bca18eab6a5f9c4d34a36ad4ff5059243 Mon Sep 17 00:00:00 2001
From: zdenek <zdenek@najihu.net>
Date: Tue, 23 Sep 2025 10:10:48 +0000
Subject: [PATCH] =?UTF-8?q?OpenSSL:=20povol=20legacy=20TLS=20a=20sni=C5=BE?=
 =?UTF-8?q?=20security=20level?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index c2d5396..8825550 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -62,6 +62,13 @@ LABEL org.opencontainers.image.title="docker-php-alpine" \
       org.opencontainers.image.source="https://git.najihu.net/zdenek/docker-php-alpine" \
       org.opencontainers.image.licenses="MIT"
 
+# --- OpenSSL: povol legacy TLS a sniž security level ---
+RUN set -eux; \
+  cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.bak || true; \
+  awk 'BEGIN{print "openssl_conf = openssl_init"}{print}END{print "\n[openssl_init]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = system_default_sect\n\n[system_default_sect]\nMinProtocol = TLSv1\nCipherString = DEFAULT:@SECLEVEL=0"}' \
+    /etc/ssl/openssl.cnf.bak > /etc/ssl/openssl.cnf
+
+
 # Entrypoint spustí FPM a Apache (root → Apache si sám shodí práva)
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 RUN chmod +x /docker-entrypoint.sh