diff options
author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-26 00:02:29 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-26 00:02:29 +0000 |
commit | 4f6928cc0493ede41e90b6fa4e1cde570bd17336 (patch) | |
tree | f73d03580d02af6455a388366474cdc98c4e0819 /pki/base/tps/apache/conf/nss.conf | |
parent | e90d291d9a737369587711eb6a879d700a3c5d7b (diff) | |
download | pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.tar.gz pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.tar.xz pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.zip |
Bugzilla 730146 - SSL handshake picks non-FIPS ciphers in FIPS mode
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2180 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps/apache/conf/nss.conf')
-rw-r--r-- | pki/base/tps/apache/conf/nss.conf | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/pki/base/tps/apache/conf/nss.conf b/pki/base/tps/apache/conf/nss.conf index 2e0b0ecae..314df040d 100644 --- a/pki/base/tps/apache/conf/nss.conf +++ b/pki/base/tps/apache/conf/nss.conf @@ -92,10 +92,16 @@ TransferLog [SERVER_ROOT]/logs/access_log # Enable/Disable SSL for this virtual host. NSSEngine on +# FIPS Switch: +# Enable/Disable FIPS mode +# NSSFIPS on + # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_nss documentation for a complete list. NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha +# SSL cipher suite in FIPS mode: +# NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha NSSProtocol SSLv3,TLSv1 @@ -187,10 +193,16 @@ TransferLog [SERVER_ROOT]/logs/access_log # Enable/Disable SSL for this virtual host. NSSEngine on +# FIPS Switch: +# Enable/Disable FIPS mode +# NSSFIPS on + # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_nss documentation for a complete list. NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha +# SSL cipher suite in FIPS mode: +# NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha NSSProtocol SSLv3,TLSv1 |