diff options
| author | Matthew Harmsen <mharmsen@redhat.com> | 2013-08-14 16:10:13 -0700 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2013-08-20 09:56:40 -0700 |
| commit | 443bffbe31971a66ce7b83c3f447057957b121cb (patch) | |
| tree | 4a7d5d116142b7506620ab1f2d1ba25ebdfa2c8d /base | |
| parent | 5ecf890b135bb3bcbe30298000b7ecbad404bce2 (diff) | |
| download | pki-443bffbe31971a66ce7b83c3f447057957b121cb.tar.gz pki-443bffbe31971a66ce7b83c3f447057957b121cb.tar.xz pki-443bffbe31971a66ce7b83c3f447057957b121cb.zip | |
By default, disable SSL3_RSA_WITH_DES_CBC_SHA.
* TRAC Ticket #706 - Disable SSL3_RSA_WITH_DES_CBC_SHA
Diffstat (limited to 'base')
| -rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 2 | ||||
| -rwxr-xr-x | base/setup/pkicreate | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index af8330c07..e7b23a6d3 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -794,7 +794,7 @@ class PKIConfigParser: "+SSL3_RSA_WITH_RC4_128_SHA," + \ "-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," + \ "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA," + \ - "+SSL3_RSA_WITH_DES_CBC_SHA," + \ + "-SSL3_RSA_WITH_DES_CBC_SHA," + \ "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5," + \ "-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," + \ "-SSL_RSA_FIPS_WITH_DES_CBC_SHA," + \ diff --git a/base/setup/pkicreate b/base/setup/pkicreate index 5846a7dd1..a63d6b32c 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -2432,7 +2432,7 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so . "-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5"; $slot_hash{$TOMCAT_SSL3_CIPHERS} = "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," . "+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," - . "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA," + . "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA," . "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," . "-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," . "-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," |