diff options
author | Christina Fu <cfu@redhat.com> | 2014-11-21 17:30:55 -0800 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2014-11-24 13:19:13 -0800 |
commit | 025e4e643911dcb277d9d0efb0e6d7533a679e71 (patch) | |
tree | e2a58f5901232611150e171a8284df45662840e1 /base/server/python/pki/server/deployment/pkiparser.py | |
parent | c0e3716fe43b87139bae57dba992fe0376bd215d (diff) | |
download | pki-025e4e643911dcb277d9d0efb0e6d7533a679e71.tar.gz pki-025e4e643911dcb277d9d0efb0e6d7533a679e71.tar.xz pki-025e4e643911dcb277d9d0efb0e6d7533a679e71.zip |
Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade
Diffstat (limited to 'base/server/python/pki/server/deployment/pkiparser.py')
-rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index ea6bbffab..6086da0b1 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -903,6 +903,45 @@ class PKIConfigParser: ".pid" self.mdict['TOMCAT_SERVER_PORT_SLOT'] = \ self.mdict['pki_tomcat_server_port'] + self.mdict['TOMCAT_SSL_VERSION_RANGE_STREAM_SLOT'] = \ + "tls1_0:tls1_2" + self.mdict['TOMCAT_SSL_VERSION_RANGE_DATAGRAM_SLOT'] = \ + "tls1_1:tls1_2" + self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \ + "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \ + "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \ + "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \ + "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \ + "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \ + "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \ + "+TLS_RSA_WITH_AES_128_CBC_SHA256," + \ + "+TLS_RSA_WITH_AES_256_CBC_SHA256," + \ + "+TLS_RSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \ + "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \ + "+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \ + "+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \ "-SSL2_RC4_128_WITH_MD5," + \ "-SSL2_RC4_128_EXPORT40_WITH_MD5," + \ @@ -926,8 +965,8 @@ class PKIConfigParser: "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \ "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" self.mdict['TOMCAT_SSL_OPTIONS_SLOT'] = \ - "ssl2=true," + \ - "ssl3=true," + \ + "ssl2=false," + \ + "ssl3=false," + \ "tls=true" self.mdict['TOMCAT_TLS_CIPHERS_SLOT'] = \ "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \ |