Diffstat (limited to 'base/server/python/pki/server')
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py72
1 files changed, 38 insertions, 34 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index c1b6be395..425b71034 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -921,42 +921,46 @@ class PKIConfigParser:
"tls1_0:tls1_2"
self.mdict['TOMCAT_SSL_VERSION_RANGE_DATAGRAM_SLOT'] = \
"tls1_1:tls1_2"
+ ##
+ # Reminder: if the following cipher lists are updated, be sure
+ # to remember to update pki/base/server/share/conf/ciphers.info
+ # accordingly
+ #
if self.mdict['pki_ssl_server_key_type'] == "ecc":
self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \
- "+TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256," + \
"+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
"-TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
"-TLS_RSA_WITH_AES_128_CBC_SHA," + \
"-TLS_RSA_WITH_AES_256_CBC_SHA," + \
"+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
"+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
"-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
"-TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
"-TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
+ "-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \
"-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
"-TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
"-TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \
"-TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \
"-TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \
+ "-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
"-TLS_RSA_WITH_AES_128_CBC_SHA256," + \
"-TLS_RSA_WITH_AES_256_CBC_SHA256," + \
"-TLS_RSA_WITH_AES_128_GCM_SHA256," + \
- "-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
- "-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \
"+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
"+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
+ "+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
else:
self.mdict['TOMCAT_SSL_RANGE_CIPHERS_SLOT'] = \
"-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," + \
@@ -965,34 +969,34 @@ class PKIConfigParser:
"-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," + \
"-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," + \
"-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256," +\
"-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_RSA_WITH_AES_256_CBC_SHA," + \
"-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," + \
"-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
- "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," + \
"-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," + \
"-TLS_DHE_DSS_WITH_AES_128_CBC_SHA," + \
"-TLS_DHE_DSS_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \
- "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_128_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_256_CBC_SHA256," + \
- "+TLS_RSA_WITH_AES_128_GCM_SHA256," + \
- "+TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "-TLS_DHE_RSA_WITH_AES_128_CBC_SHA," + \
+ "-TLS_DHE_RSA_WITH_AES_256_CBC_SHA," + \
+ "-TLS_DHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "-TLS_DHE_RSA_WITH_AES_256_CBC_SHA256," + \
+ "-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256," + \
"-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256," + \
"-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256," + \
- "-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
+ "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," + \
"-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," + \
- "-TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," + \
- "-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \
- "-TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
+ "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," + \
+ "-TLS_RSA_WITH_AES_128_CBC_SHA256," + \
+ "-TLS_RSA_WITH_AES_256_CBC_SHA256," + \
+ "-TLS_RSA_WITH_AES_128_GCM_SHA256," + \
+ "+TLS_RSA_WITH_3DES_EDE_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_128_CBC_SHA," + \
+ "+TLS_RSA_WITH_AES_256_CBC_SHA"
self.mdict['TOMCAT_SSL2_CIPHERS_SLOT'] = \
"-SSL2_RC4_128_WITH_MD5," + \
"-SSL2_RC4_128_EXPORT40_WITH_MD5," + \