diff options
| author | Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2021-05-25 00:57:27 +0300 |
|---|---|---|
| committer | Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2021-05-25 00:57:27 +0300 |
| commit | 71520e886f7edcc7eb2b91b959a512883b684910 (patch) | |
| tree | c5be47b91b500c5ac5bf0a075164c5ca6d783cc5 | |
| parent | a0bcbd873a067958da13aa881446913ba6c83762 (diff) | |
| download | virtual-media-71520e886f7edcc7eb2b91b959a512883b684910.tar.xz | |
Forbid ECDHE-RSA-CHACHA20-POLY1305 with TLSv1.2
According to the latest recommendations obsolete cipher suites shall be
forbidden.
Tested:
Python HTTP server configured TLSv1.2 with ECDHE-RSA-CHACHA20-POLY1305
cipher can't be reached.
Change-Id: I370c125b28c4df4bba744ec63536aa8fdebb961d
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
| -rw-r--r-- | src/state/activating_state.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp index 6cf9f68..22225a2 100644 --- a/src/state/activating_state.cpp +++ b/src/state/activating_state.cpp @@ -269,7 +269,8 @@ std::unique_ptr<resource::Process> "followlocation=false", "ssl-cipher-list=ALL:!eNULL:!aNULL:" "!AES256-GCM-SHA384:!AES128-GCM-SHA256:" - "!AES256-SHA256:!AES128-SHA256"}; + "!AES256-SHA256:!AES128-SHA256:" + "!ECDHE-RSA-CHACHA20-POLY1305"}; // Authenticate if needed if (machine.getTarget()->credentials) |