summaryrefslogtreecommitdiffstats
path: root/pki/base/tps/apache/conf/nss.conf
diff options
context:
space:
mode:
authorcfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-08-26 00:02:29 +0000
committercfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-08-26 00:02:29 +0000
commit4f6928cc0493ede41e90b6fa4e1cde570bd17336 (patch)
treef73d03580d02af6455a388366474cdc98c4e0819 /pki/base/tps/apache/conf/nss.conf
parente90d291d9a737369587711eb6a879d700a3c5d7b (diff)
downloadpki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.tar.gz
pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.tar.xz
pki-4f6928cc0493ede41e90b6fa4e1cde570bd17336.zip
Bugzilla 730146 - SSL handshake picks non-FIPS ciphers in FIPS mode
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2180 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps/apache/conf/nss.conf')
-rw-r--r--pki/base/tps/apache/conf/nss.conf12
1 files changed, 12 insertions, 0 deletions
diff --git a/pki/base/tps/apache/conf/nss.conf b/pki/base/tps/apache/conf/nss.conf
index 2e0b0ecae..314df040d 100644
--- a/pki/base/tps/apache/conf/nss.conf
+++ b/pki/base/tps/apache/conf/nss.conf
@@ -92,10 +92,16 @@ TransferLog [SERVER_ROOT]/logs/access_log
# Enable/Disable SSL for this virtual host.
NSSEngine on
+# FIPS Switch:
+# Enable/Disable FIPS mode
+# NSSFIPS on
+
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+# SSL cipher suite in FIPS mode:
+# NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
@@ -187,10 +193,16 @@ TransferLog [SERVER_ROOT]/logs/access_log
# Enable/Disable SSL for this virtual host.
NSSEngine on
+# FIPS Switch:
+# Enable/Disable FIPS mode
+# NSSFIPS on
+
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+# SSL cipher suite in FIPS mode:
+# NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1