Merge "Exclude anonymous cipher suites from Cobbler SSL configuration" into stable/mitaka

2017-04-18 12:27:05 +00:00 · 2017-04-18 12:27:05 +00:00 · 03aef5d5e6
parent 5ec577b5d0 0594f862d6
commit 03aef5d5e6
2 changed files with 2 additions and 4 deletions
--- a/deployment/puppet/cobbler/templates/httpd_ssl_2.2.conf.erb
+++ b/deployment/puppet/cobbler/templates/httpd_ssl_2.2.conf.erb
@ -101,7 +101,7 @@ SSLHonorCipherOrder on
 #   SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH
+SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If
@ -226,4 +226,3 @@ CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 </VirtualHost>
-
--- a/deployment/puppet/cobbler/templates/httpd_ssl_2.4.conf.erb
+++ b/deployment/puppet/cobbler/templates/httpd_ssl_2.4.conf.erb
@ -101,7 +101,7 @@ SSLHonorCipherOrder on
 #   SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH
+SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If
@ -226,4 +226,3 @@ CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 </VirtualHost>
-