diff options
author | Ed Tanous <ed.tanous@intel.com> | 2019-01-24 19:57:11 +0300 |
---|---|---|
committer | Ed Tanous <ed.tanous@intel.com> | 2019-01-24 20:02:54 +0300 |
commit | da21df7cde6abd82e2839cde8ab9eb96ea571492 (patch) | |
tree | 0c30bf17db7fbf0276918e93300420cda5b030d2 /include/ssl_key_handler.hpp | |
parent | 7625cb81a6618be5a25ea659bb15b1ddd52c4706 (diff) | |
download | bmcweb-da21df7cde6abd82e2839cde8ab9eb96ea571492.tar.xz |
Revert "bmcweb: update SSL cipher suites to OWASP compatB"
This reverts commit 54fd221a9139f46c7c95b4a22cc09e6e7ce4cbbc.
Reason for revert: This breaks compatibility with python automation running on ubuntu 16.04, and regresses our ability to run the test harness. Suspect we need to run compat C by default, but lets revert for now to stabilize.
Change-Id: I4a01450836d917cd9558bc826c1877e629280850
Diffstat (limited to 'include/ssl_key_handler.hpp')
-rw-r--r-- | include/ssl_key_handler.hpp | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp index fc088ad01b..32d7a7368b 100644 --- a/include/ssl_key_handler.hpp +++ b/include/ssl_key_handler.hpp @@ -352,23 +352,8 @@ inline boost::asio::ssl::context getSslContext(const std::string &ssl_pem_file) std::string aesOnlyCiphers = "AES128+EECDH:AES128+EDH:!aNULL:!eNULL"; - // OWASP Cipher String 'B' (Broad compatibility to browsers) - // https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet - std::string owaspBroadCompatibility = "DHE-RSA-AES256-GCM-SHA384:" - "DHE-RSA-AES128-GCM-SHA256:" - "ECDHE-RSA-AES256-GCM-SHA384:" - "ECDHE-RSA-AES128-GCM-SHA256:" - "DHE-RSA-AES256-SHA256:" - "DHE-RSA-AES128-SHA256:" - "ECDHE-RSA-AES256-SHA384:" - "ECDHE-RSA-AES128-SHA256:" - "ECDHE-RSA-AES256-SHA:" - "ECDHE-RSA-AES128-SHA:" - "DHE-RSA-AES256-SHA:" - "DHE-RSA-AES128-SHA"; - if (SSL_CTX_set_cipher_list(mSslContext.native_handle(), - owaspBroadCompatibility.c_str()) != 1) + mozillaCompatibilityCiphers.c_str()) != 1) { BMCWEB_LOG_ERROR << "Error setting cipher list\n"; } |