Merge "Exclude anonymous cipher suites from Cobbler SSL configuration"

This commit is contained in:
Jenkins 2017-04-18 15:40:08 +00:00 committed by Gerrit Code Review
commit dd4259fd8a
2 changed files with 2 additions and 3 deletions

View File

@ -60,7 +60,7 @@ class cobbler::apache {
],
custom_fragment => '
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"',
ssl_cipher => 'ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH',
ssl_cipher => 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS',
setenvif => ['User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'],
}
}

View File

@ -102,7 +102,7 @@ describe "cobbler::apache" do
:ssl_cert => "/var/lib/fuel/keys/master/cobbler/cobbler.crt",
:ssl_key => "/var/lib/fuel/keys/master/cobbler/cobbler.key",
:rewrites => ssl_rewrites,
:ssl_cipher => "ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH",
:ssl_cipher => "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS",
:setenvif => ["User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0"],
)
end
@ -119,4 +119,3 @@ describe "cobbler::apache" do
end
end