diff options
| author | Karol Niczyj <karol.niczyj@intel.com> | 2021-08-17 21:09:42 +0300 |
|---|---|---|
| committer | Karol Niczyj <karol.niczyj@intel.com> | 2021-08-25 19:11:28 +0300 |
| commit | 2f81f80acc0e34cfad3d250b60f0ceba17bddbf0 (patch) | |
| tree | 239e38741b5bf50e6917c0db0ba7683dcb30d128 | |
| parent | 71520e886f7edcc7eb2b91b959a512883b684910 (diff) | |
| download | virtual-media-2f81f80acc0e34cfad3d250b60f0ceba17bddbf0.tar.xz | |
Restricted TLS cipher suites to preferred ones
Updated TLS 1.2 cipher list and added TLS1.3 cipher list.
Tested by Oleksandr Shulzhenko on local setup.
Change-Id: I218c245d8ddf7e54dae258a39cd78c3255027b6e
Signed-off-by: Karol Niczyj <karol.niczyj@intel.com>
| -rw-r--r-- | src/state/activating_state.cpp | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp index 22225a2..b1113b7 100644 --- a/src/state/activating_state.cpp +++ b/src/state/activating_state.cpp @@ -267,10 +267,11 @@ std::unique_ptr<resource::Process> "capath=/etc/ssl/certs/authority", "ssl-version=tlsv1.2", "followlocation=false", - "ssl-cipher-list=ALL:!eNULL:!aNULL:" - "!AES256-GCM-SHA384:!AES128-GCM-SHA256:" - "!AES256-SHA256:!AES128-SHA256:" - "!ECDHE-RSA-CHACHA20-POLY1305"}; + "ssl-cipher-list=" + "ECDHE-RSA-AES256-GCM-SHA384:" + "ECDHE-ECDSA-AES256-GCM-SHA384", + "tls13-ciphers=" + "TLS_AES_256_GCM_SHA384"}; // Authenticate if needed if (machine.getTarget()->credentials) |