author | Karol Wachowski <karol.wachowski@intel.com> | 2020-11-18 18:03:40 +0300 |
---|---|---|
committer | Wachowski, Karol <karol.wachowski@intel.com> | 2020-12-15 11:34:35 +0300 |
commit | b9e1047161726e66ae8364b1a0f7002143f20ff7 (patch) | |
tree | 9111d394df1540bfacbe4b4ffaf6dfc71a0b72ac | |
parent | 3e3995d5e0cf4a15ddce3f17a3dcc1376c1f91c2 (diff) | |
download | virtual-media-b9e1047161726e66ae8364b1a0f7002143f20ff7.tar.xz |
Remove unsupported cipher suites from legacy HTTPS
Removed the following cipher suites:
* AES256-GCM-SHA384
* AES128-GCM-SHA256
* AES256-SHA256
* AES128-SHA256
Tested:
- verified manually that listed ciphers are not accepted
- verified manually that it is possible to mount HTTPS resource using TLS version >= 1.1 and other ciphers
Change-Id: If41dfc8fa8439a1be1fd61dbb639595523a7157d
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
-rw-r--r-- | src/state/activating_state.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp index 8b69fac..9cbd324 100644 --- a/src/state/activating_state.cpp +++ b/src/state/activating_state.cpp @@ -234,7 +234,10 @@ std::unique_ptr<resource::Process> "url=" + url, // custom OpenBMC path for CA "capath=/etc/ssl/certs/authority", - "ssl-version=tlsv1.1"}; + "ssl-version=tlsv1.1", + "ssl-cipher-list=ALL:!eNULL:!aNULL:" + "!AES256-GCM-SHA384:!AES128-GCM-SHA256:" + "!AES256-SHA256:!AES128-SHA256"}; // Authenticate if needed if (machine.getTarget()->credentials) |
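Review bot: The new "ssl-cipher-list" value starts from ALL and subtracts four named suites, so every other suite the TLS library offers stays enabled, and the entry has no comment saying why these four are excluded. Add a one-line comment above it, as the "capath" entry has, giving the reason (the commit message only calls them unsupported), and consider replacing the ALL-based denylist with an explicit list of permitted suites so the accepted set does not shift with the library version. The hunk keeps "ssl-version=tlsv1.1" as it was apart from the trailing comma, so the cipher string is the only restriction added here.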