Exclude anonymous cipher suites from Cobbler SSL configuration
The server used to be configured to support anonymous cipher suites with no key authentication. These ciphers are highly vulnerable to man-in-the-middle attacks. The new configuration applies only strong cipher suites on the SSL server.

Change-Id: I8ecac040a77614fd78188995a873b85c94781411
Closes-Bug: #1646761
parent 5fe47abd52
commit 42ebf728a8
|
@ -101,7 +101,7 @@ SSLHonorCipherOrder on
|
|||
# SSL Cipher Suite:
|
||||
# List the ciphers that the client is permitted to negotiate.
|
||||
# See the mod_ssl documentation for a complete list.
|
||||
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH
|
||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
|
||||
|
||||
# Server Certificate:
|
||||
# Point SSLCertificateFile at a PEM encoded certificate. If
|
||||
|
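Review bot: on the added `SSLCipherSuite` line, the trailing `RSA+AESGCM:RSA+AES` terms keep static-RSA key exchange negotiable, so a client that falls through to them gets no forward secrecy. If they are kept only as a fallback for legacy clients, say so in the comment block above the directive; otherwise drop them. The move from `!ADH` to `!aNULL` is the part that matches the commit message, because `!ADH` excludes only anonymous DH while `aNULL` covers every suite that offers no authentication. A one-line comment stating that would help keep `!aNULL` from being trimmed in a later edit. The old `!SSLv2` token is gone from the string and `SSLProtocol` is not among the visible lines, so confirm that protocol versions are restricted there.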
@ -226,4 +226,3 @@ CustomLog logs/ssl_request_log \
|
|||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
|
|
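Review bot: the second hunk (`-226,4 +226,3`) changes no directive and only drops one line around the closing `</VirtualHost>`, which is unrelated to the cipher fix. Move the whitespace cleanup to its own commit or mention it in the commit message, so the security change stays easy to audit and backport.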