This is an automated email from the ASF dual-hosted git repository.
jeremiaswerner pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new d815394 Limit cipher suites used for controller https (#3706)
d815394 is described below
commit d815394ca5201bab7e7d270af4d471341549c843
Author: Vadim Raskin <[email protected]>
AuthorDate: Mon May 28 14:52:02 2018 +0300
Limit cipher suites used for controller https (#3706)
* Limit cipher suites used for controller https
* Limit the ciphers on kafka as well
---
ansible/group_vars/all | 3 ---
core/controller/src/main/resources/application.conf | 6 ++++++
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index 286b8e4..25312d2 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -112,9 +112,6 @@ kafka:
name: kafka-keystore.jks
password: openwhisk
cipher_suites:
- - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
diff --git a/core/controller/src/main/resources/application.conf
b/core/controller/src/main/resources/application.conf
index faec173..a288636 100644
--- a/core/controller/src/main/resources/application.conf
+++ b/core/controller/src/main/resources/application.conf
@@ -72,3 +72,9 @@ akka {
metrics.enabled=off
}
}
+
+ssl-config.enabledCipherSuites = [
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+]
--
To stop receiving notification emails like this one, please contact
[email protected].
