Added setting of ciphersuite with only high and better SSLv3 certs. This should...

author Greg Swift <gregswift@gmail.com>

Thu, 14 Apr 2011 03:01:48 +0000 (22:01 -0500)

committer Greg Swift <gregswift@gmail.com>

Thu, 14 Apr 2011 03:01:48 +0000 (22:01 -0500)
author Greg Swift <gregswift@gmail.com>
Thu, 14 Apr 2011 03:01:48 +0000 (22:01 -0500)
committer Greg Swift <gregswift@gmail.com>
Thu, 14 Apr 2011 03:01:48 +0000 (22:01 -0500)
diff --git a/certmaster/SSLCommon.py b/certmaster/SSLCommon.py

index 5672a7f..c3e76c2 100644 (file)
--- a/certmaster/SSLCommon.py
+++ b/certmaster/SSLCommon.py
@@ -39,6 +39,7 @@ def CreateSSLContext(pkey, cert, ca_cert, passwd_callback=None):
      if passwd_callback:
          ctx.set_passwd_cb = passwd_callback
  
+    ctx.set_cipher_list('ALL:!aNULL:!ADH:!eNULL:!LOW:!MEDIUM:!EXP:RC4+RSA:+HIGH')
      ctx.use_certificate_file(cert)
      ctx.use_privatekey_file(pkey)
      ctx.load_client_ca(ca_cert)
author	Greg Swift <gregswift@gmail.com>
	Thu, 14 Apr 2011 03:01:48 +0000 (22:01 -0500)
committer	Greg Swift <gregswift@gmail.com>
	Thu, 14 Apr 2011 03:01:48 +0000 (22:01 -0500)