From: Greg Swift Date: Thu, 14 Apr 2011 03:01:48 +0000 (-0500) Subject: Added setting of ciphersuite with only high and better SSLv3 certs. This should... X-Git-Tag: v0.29~17 X-Git-Url: https://pwan.org/git/?p=certmaster.git;a=commitdiff_plain;h=0067200776b0b647778fdb877db83927ab048de4 Added setting of ciphersuite with only high and better SSLv3 certs. This should keep nessus and its ilk quiet as we only use 2048bit encryption anyways. --- diff --git a/certmaster/SSLCommon.py b/certmaster/SSLCommon.py index 5672a7f..c3e76c2 100644 --- a/certmaster/SSLCommon.py +++ b/certmaster/SSLCommon.py @@ -39,6 +39,7 @@ def CreateSSLContext(pkey, cert, ca_cert, passwd_callback=None): if passwd_callback: ctx.set_passwd_cb = passwd_callback + ctx.set_cipher_list('ALL:!aNULL:!ADH:!eNULL:!LOW:!MEDIUM:!EXP:RC4+RSA:+HIGH') ctx.use_certificate_file(cert) ctx.use_privatekey_file(pkey) ctx.load_client_ca(ca_cert)