Merge "Exclude anonymous cipher suites from Cobbler SSL configuration"
This commit is contained in:
commit
dd4259fd8a
@ -60,7 +60,7 @@ class cobbler::apache {
|
|||||||
],
|
],
|
||||||
custom_fragment => '
|
custom_fragment => '
|
||||||
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"',
|
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"',
|
||||||
ssl_cipher => 'ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH',
|
ssl_cipher => 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS',
|
||||||
setenvif => ['User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'],
|
setenvif => ['User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -102,7 +102,7 @@ describe "cobbler::apache" do
|
|||||||
:ssl_cert => "/var/lib/fuel/keys/master/cobbler/cobbler.crt",
|
:ssl_cert => "/var/lib/fuel/keys/master/cobbler/cobbler.crt",
|
||||||
:ssl_key => "/var/lib/fuel/keys/master/cobbler/cobbler.key",
|
:ssl_key => "/var/lib/fuel/keys/master/cobbler/cobbler.key",
|
||||||
:rewrites => ssl_rewrites,
|
:rewrites => ssl_rewrites,
|
||||||
:ssl_cipher => "ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH",
|
:ssl_cipher => "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS",
|
||||||
:setenvif => ["User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0"],
|
:setenvif => ["User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0"],
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
@ -119,4 +119,3 @@ describe "cobbler::apache" do
|
|||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user