
Merge "Exclude anonymous cipher suites from Cobbler SSL configuration"

Jenkins 2 years ago
parent
commit
dd4259fd8a

+ 1
- 1
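--- a/deployment/puppet/cobbler/manifests/apache.pp
+++ b/deployment/puppet/cobbler/manifests/apache.pp
@@ -60,7 +60,7 @@ class cobbler::apache {
     ],
     custom_fragment => '
       CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"',
-    ssl_cipher      => 'ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH',
+    ssl_cipher      => 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS',
     setenvif        => ['User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'],
   }
 }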
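Review bot: The preference order built into the new `ssl_cipher` value (forward-secret ECDH/DH suites and AES-GCM first, plain RSA key exchange last) only matters if the server enforces its own order, and the visible lines of this resource set neither `ssl_honorcipherorder` nor `ssl_protocol`. The resource begins above the hunk, so both may already be set there; if they are not, a client can still pick `RSA+AES` CBC suites first, and the protocol versions on offer stay at whatever the module defaults to, which the cipher list does not control. Since the list keeps `DH+AES*`, it is also worth confirming that the Apache build in use serves DH parameters of adequate size. A short comment above the attribute would help the next reader, for example `# forward-secret AES suites first; !aNULL drops every anonymous suite, which the old !ADH may not have covered (anonymous ECDH)`.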

+ 1
- 2
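--- a/deployment/puppet/cobbler/spec/classes/cobbler_apache_spec.rb
+++ b/deployment/puppet/cobbler/spec/classes/cobbler_apache_spec.rb
@@ -102,7 +102,7 @@ describe "cobbler::apache" do
             :ssl_cert => "/var/lib/fuel/keys/master/cobbler/cobbler.crt",
             :ssl_key => "/var/lib/fuel/keys/master/cobbler/cobbler.key",
             :rewrites => ssl_rewrites,
-            :ssl_cipher => "ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH",
+            :ssl_cipher => "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS",
             :setenvif => ["User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0"],
         )
       end
@@ -119,4 +119,3 @@ describe "cobbler::apache" do
   end
 
 end
-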
