authorChristina Fu <cfu@redhat.com>2015-08-14 19:57:15 +0200
committerMatthew Harmsen <mharmsen@redhat.com>2015-08-17 13:11:39 -0600
commit5935b765aaeb0f30844812db057020b1aaea4559 (patch)
tree182fc88fe2138e9da8f7054b03e86146fba2190b /base/server/tomcat7
parent12badcabc1cd345256a4902f7b0583cf667ecd8d (diff)
Ticket #1556 Weak HTTPS TLS ciphers
This patch fixes the RSA ciphers that were mistakenly turned on under the ECC section and off under the RSA section. A few adjustments have also been made based on Bob Relyea's feedback. A new file, <instance>/conf/ciphers.info, was also created to (1) provide info on the ciphers and (2) provide default RSA and ECC ciphers for admins to incorporate into earlier instances (as a migration script might not be ideal due to possible customization). (cherry picked from commit 67c895851781d69343979cbcff138184803880ea)
Diffstat (limited to 'base/server/tomcat7')
-rw-r--r--base/server/tomcat7/conf/server.xml3
1 files changed, 3 insertions, 0 deletions
diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml
index d944d324b..7deb8a201 100644
--- a/base/server/tomcat7/conf/server.xml
+++ b/base/server/tomcat7/conf/server.xml
@@ -179,6 +179,9 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt
ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt
ocspTimeout -sets OCSP timeout in seconds
+
+ See <instance dir>/conf/ciphers.info
+ About the TLS range related parameters
-->
<Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="SSL" scheme="https" secure="true"
maxHttpHeaderSize="8192"
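Review bot: The added comment at the end of the parameter list describes ciphers.info only as being "About the TLS range related parameters", while the commit description says the file also carries the default RSA and ECC cipher lists that admins are expected to copy into earlier instances. An admin reading server.xml would not learn that from this pointer, so I would spell it out, e.g. `See <instance dir>/conf/ciphers.info for the TLS range parameters and the default RSA and ECC cipher lists`. The description writes the path as `<instance>/conf/ciphers.info` and the comment as `<instance dir>/conf/ciphers.info`; one spelling in both places would avoid doubt about which directory is meant. The comment block opens above the hunk and the Connector element continues past it, so the cipher attributes themselves are not visible here.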