diff options
| author | Christian Heimes <cheimes@redhat.com> | 2016-01-21 16:09:10 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-02-11 10:44:29 +0100 |
| commit | 5ac3a3cee534a16db86c541b9beff4939f03410e (patch) | |
| tree | d0aff8d1bb1d4976e99120b01976bf1ccf293beb /pylintrc | |
| parent | 42d364427606e39486645e4064ca16940b2f8837 (diff) | |
| download | freeipa-5ac3a3cee534a16db86c541b9beff4939f03410e.tar.gz freeipa-5ac3a3cee534a16db86c541b9beff4939f03410e.tar.xz freeipa-5ac3a3cee534a16db86c541b9beff4939f03410e.zip | |
Modernize mod_nss's cipher suites
The list of supported TLS cipher suites in /etc/httpd/conf.d/nss.conf
has been modernized. Insecure or less secure algorithms such as RC4,
DES and 3DES are removed. Perfect forward secrecy suites with ephemeral
ECDH key exchange have been added. IE 8 on Windows XP is no longer
supported.
The list of enabled cipher suites has been generated with the script
contrib/nssciphersuite/nssciphersuite.py.
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA
https://fedorahosted.org/freeipa/ticket/5589
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'pylintrc')
0 files changed, 0 insertions, 0 deletions