From 0067200776b0b647778fdb877db83927ab048de4 Mon Sep 17 00:00:00 2001
From: Greg Swift <gregswift@gmail.com>
Date: Wed, 13 Apr 2011 22:01:48 -0500
Subject: [PATCH] Added setting of ciphersuite with only high and better SSLv3
 certs.  This should keep nessus and its ilk quiet as we only use 2048bit
 encryption anyways.

---
 certmaster/SSLCommon.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/certmaster/SSLCommon.py b/certmaster/SSLCommon.py
index 5672a7f..c3e76c2 100644
--- a/certmaster/SSLCommon.py
+++ b/certmaster/SSLCommon.py
@@ -39,6 +39,7 @@ def CreateSSLContext(pkey, cert, ca_cert, passwd_callback=None):
     if passwd_callback:
         ctx.set_passwd_cb = passwd_callback
 
+    ctx.set_cipher_list('ALL:!aNULL:!ADH:!eNULL:!LOW:!MEDIUM:!EXP:RC4+RSA:+HIGH')
     ctx.use_certificate_file(cert)
     ctx.use_privatekey_file(pkey)
     ctx.load_client_ca(ca_cert)
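Review bot: The cipher string on the added `set_cipher_list` line is hard to audit and contains a token that probably does nothing. In OpenSSL's list syntax `!` removes ciphers permanently, so if the RC4 suites are classed as `MEDIUM` (I believe they are in OpenSSL 1.0.x), `RC4+RSA` cannot re-add them; if it did, it would re-enable a weak cipher the commit message intends to exclude. Starting from `ALL` and subtracting also leaves any class not named enabled, and the trailing `+HIGH` only reorders, so an allow-list such as `ctx.set_cipher_list('HIGH:!aNULL:!eNULL')` states the intent more directly. The cipher list does not limit the protocol version; `CreateSSLContext` starts before this hunk, where the context's method is chosen, so that is the place to confirm SSLv2/SSLv3 are not offered. Separately, the context line `ctx.set_passwd_cb = passwd_callback` assigns an attribute instead of calling the method, so the callback is probably never registered; `ctx.set_passwd_cb(passwd_callback)` looks like what was meant.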
-- 
2.39.5