authorEd Tanous <ed.tanous@intel.com>2019-01-24 19:57:11 +0300
committerEd Tanous <ed.tanous@intel.com>2019-01-24 20:02:54 +0300
commitda21df7cde6abd82e2839cde8ab9eb96ea571492 (patch)
tree0c30bf17db7fbf0276918e93300420cda5b030d2 /include/ssl_key_handler.hpp
parent7625cb81a6618be5a25ea659bb15b1ddd52c4706 (diff)
Revert "bmcweb: update SSL cipher suites to OWASP compatB"
This reverts commit 54fd221a9139f46c7c95b4a22cc09e6e7ce4cbbc. Reason for revert: This breaks compatibility with python automation running on ubuntu 16.04, and regresses our ability to run the test harness. Suspect we need to run compat C by default, but let's revert for now to stabilize. Change-Id: I4a01450836d917cd9558bc826c1877e629280850
Diffstat (limited to 'include/ssl_key_handler.hpp')
-rw-r--r--include/ssl_key_handler.hpp17
1 files changed, 1 insertions, 16 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index fc088ad01b..32d7a7368b 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -352,23 +352,8 @@ inline boost::asio::ssl::context getSslContext(const std::string &ssl_pem_file)
std::string aesOnlyCiphers = "AES128+EECDH:AES128+EDH:!aNULL:!eNULL";
- // OWASP Cipher String 'B' (Broad compatibility to browsers)
- // https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet
- std::string owaspBroadCompatibility = "DHE-RSA-AES256-GCM-SHA384:"
- "DHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-RSA-AES128-GCM-SHA256:"
- "DHE-RSA-AES256-SHA256:"
- "DHE-RSA-AES128-SHA256:"
- "ECDHE-RSA-AES256-SHA384:"
- "ECDHE-RSA-AES128-SHA256:"
- "ECDHE-RSA-AES256-SHA:"
- "ECDHE-RSA-AES128-SHA:"
- "DHE-RSA-AES256-SHA:"
- "DHE-RSA-AES128-SHA";
-
if (SSL_CTX_set_cipher_list(mSslContext.native_handle(),
- owaspBroadCompatibility.c_str()) != 1)
+ mozillaCompatibilityCiphers.c_str()) != 1)
{
BMCWEB_LOG_ERROR << "Error setting cipher list\n";
}
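Review bot: When `SSL_CTX_set_cipher_list` fails, the restored call only logs "Error setting cipher list" and, as far as the hunk shows, carries on, so the context would keep whatever cipher list it had before the call instead of the intended one. Because this revert deliberately returns to the presumably more permissive `mozillaCompatibilityCiphers` list for older clients, a silent fallback makes the effective TLS policy hard to know. Consider failing startup here, e.g. `throw std::runtime_error("Error setting cipher list");` after the log line, or whatever failure path getSslContext already uses. A short comment at the call, such as `// Broad list kept for Ubuntu 16.04 python clients; revisit a stricter OWASP string`, would record why this list is in place. `aesOnlyCiphers` on the line above appears unused within the hunk, and both the definition of `mozillaCompatibilityCiphers` and the rest of getSslContext lie outside it.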