summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristina Fu <cfu@redhat.com>2015-06-29 15:34:01 -0700
committerChristina Fu <cfu@redhat.com>2015-07-01 13:41:19 -0700
commit7c1af7f7dac89363c7923802ec759ccb84813bfb (patch)
treef0936d4c42ed6be98ee90acc9dc2f8ca934c05ea
parent3937d69c1dd5f9ecd7940809b474097d63cb97b3 (diff)
downloadpki-7c1af7f7dac89363c7923802ec759ccb84813bfb.tar.gz
pki-7c1af7f7dac89363c7923802ec759ccb84813bfb.tar.xz
pki-7c1af7f7dac89363c7923802ec759ccb84813bfb.zip
Ticket 1438 pkispawn: SSL_ForceHandshake issue for non-CA on HSM on both shared and nonshared tomcat instances
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py107
1 files changed, 72 insertions, 35 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 7e1813c75..4b3dabb92 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -921,41 +921,78 @@ class PKIConfigParser:
"tls1_0:tls1_2"
self.mdict['TOMCAT_SSL_VERSION_RANGE_DATAGRAM_SLOT'] = \
"tls1_1:tls1_2"
- self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \
- "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
- "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
- "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_256_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
+ if self.mdict['pki_ssl_server_key_type'] == "ecc":
+ self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \
+ "+TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
+ "-TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
+ "-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "-TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \
+ "-TLS_RSA_WITH_AES_128_CBC_SHA256," + \
+ "-TLS_RSA_WITH_AES_256_CBC_SHA256," + \
+ "-TLS_RSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
+ else:
+ self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \
+ "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
+ "-TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \
+ "+TLS_RSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_RSA_WITH_AES_256_CBC_SHA256," + \
+ "+TLS_RSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \
+ "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \
"-SSL2_RC4_128_WITH_MD5," + \
"-SSL2_RC4_128_EXPORT40_WITH_MD5," + \