Lighttpd 1.4.68 Brings Stronger TLS Defaults, KTLS Sendfile Support For Faster Performance
This CPU and memory efficiency optimized HTTP(S) web server under the revised BSD license has continued tacking on more improvements with its newest release.
Lighttpd 1.4.68 now enforces stronger TLS defaults out-of-the-box though legacy ciphers can still be configured. The default for Lighttpd's TLS modules are to now use stronger, modern ciphers unless otherwise specified. This web server update has also removed several previously deprecated TLS options.
Also notable with Lighttpd 1.4.68 is adding KTLS sendfile support in the OpenSSL and GnuTLS modules when available and enabled. This is similar to what has already been available in the likes of Nginx for making use of kernel TLS with SSL_sendfile() for improving performance and reducing copy operations between kernel and user-space. Lighttpd hasn't provided any performance figures but in the case of Nginx when they added kTLS sendfile support there were 13~28% performance improvements experienced. Making use of the in-kernel TLS with SSL_sendfile() also led to reduction in CPU usage.
Lighttpd 1.4.68 has also removed deprecated modules and fixed various bugs with this lightweight web server update. Downloads and more details on the new release via Lighttpd.net.