Exclude anonymous cipher suites from Cobbler SSL configuration
The server was previously configured to support anonymous cipher suites, which provide no key authentication. These ciphers are highly vulnerable to man-in-the-middle attacks. The new configuration enables only strong cipher suites on the SSL server. Change-Id: I8ecac040a77614fd78188995a873b85c94781411 Closes-Bug: #1646761
parent
9b13f574ea
commit
7261e43577
|
@ -60,7 +60,7 @@ class cobbler::apache {
|
|||
],
|
||||
custom_fragment => '
|
||||
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"',
|
||||
ssl_cipher => 'ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH',
|
||||
ssl_cipher => 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS',
|
||||
setenvif => ['User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'],
|
||||
}
|
||||
}
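Review bot: The new `ssl_cipher` string decides which suites are offered, but nothing in this hunk sets the protocol versions or whose preference order wins. The AES-CBC entries (`ECDH+AES256`, `DH+AES`, `RSA+AES`) remain negotiable over SSLv3 and TLS 1.0 if the module's protocol defaults allow those versions, and the strongest-first ordering only takes effect when the server's order is honoured. Assuming this resource is puppetlabs-apache's `apache::vhost`, I would pin both next to the cipher list with `ssl_protocol => 'all -SSLv2 -SSLv3',` and `ssl_honorcipherorder => 'On',`, unless they are already set in the part of the resource that lies outside the hunk. The `RSA+AESGCM:RSA+AES` tail also keeps key exchange without forward secrecy; if that is a deliberate compatibility choice, a one-line comment above `ssl_cipher` saying so would save the next reader from guessing.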
|
||||
|
|
|
@ -102,7 +102,7 @@ describe "cobbler::apache" do
|
|||
:ssl_cert => "/var/lib/fuel/keys/master/cobbler/cobbler.crt",
|
||||
:ssl_key => "/var/lib/fuel/keys/master/cobbler/cobbler.key",
|
||||
:rewrites => ssl_rewrites,
|
||||
:ssl_cipher => "ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH",
|
||||
:ssl_cipher => "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS",
|
||||
:setenvif => ["User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0"],
|
||||
)
|
||||
end
|
||||
|
@ -119,4 +119,3 @@ describe "cobbler::apache" do
|
|||
end
|
||||
|
||||
end
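Review bot: The `:ssl_cipher` expectation in the first spec hunk repeats the manifest's literal character for character, so it shows only that the two files were edited together, not that anonymous suites stay excluded. A second expectation on the property itself would guard the fix against a later edit of the string, for example `:ssl_cipher => /!aNULL/` if the matcher in use accepts a regex. The enclosing expectation call begins outside the hunk.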
|
||||
|
||||
|
|