From 0067200776b0b647778fdb877db83927ab048de4 Mon Sep 17 00:00:00 2001 From: Greg Swift Date: Wed, 13 Apr 2011 22:01:48 -0500 Subject: [PATCH] Added setting of ciphersuite with only high and better SSLv3 certs. This should keep nessus and its ilk quiet as we only use 2048bit encryption anyways. --- certmaster/SSLCommon.py | 1 + 1 file changed, 1 insertion(+) diff --git a/certmaster/SSLCommon.py b/certmaster/SSLCommon.py index 5672a7f..c3e76c2 100644 --- a/certmaster/SSLCommon.py +++ b/certmaster/SSLCommon.py @@ -39,6 +39,7 @@ def CreateSSLContext(pkey, cert, ca_cert, passwd_callback=None): if passwd_callback: ctx.set_passwd_cb = passwd_callback + ctx.set_cipher_list('ALL:!aNULL:!ADH:!eNULL:!LOW:!MEDIUM:!EXP:RC4+RSA:+HIGH') ctx.use_certificate_file(cert) ctx.use_privatekey_file(pkey) ctx.load_client_ca(ca_cert) -- 2.39.5