Repository: trafficserver Updated Branches: refs/heads/master 7785723e4 -> f9eb37260
TS-2400: Our default SSL cipher-suite advocates speed over security Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/f9eb3726 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/f9eb3726 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/f9eb3726 Branch: refs/heads/master Commit: f9eb372606fe1f86ba649e86539575bd30c17d07 Parents: 7785723 Author: Bryan Call <bc...@apache.org> Authored: Thu May 22 11:53:08 2014 -0700 Committer: Bryan Call <bc...@apache.org> Committed: Thu May 22 11:53:08 2014 -0700 ---------------------------------------------------------------------- CHANGES | 2 ++ mgmt/RecordsConfig.cc | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f9eb3726/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 5bcfa08..254cece 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.0.0 + *) [TS-2400] Our default SSL cipher-suite advocates speed over security + *) [TS-2818] TSHttpTxnServerAddrSet() doesn't update the server port *) [TS-2793] Remove UnixNetVConnection::selected_next_protocol. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f9eb3726/mgmt/RecordsConfig.cc ---------------------------------------------------------------------- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 91ac5d7..d316a7c 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -1249,7 +1249,7 @@ RecordElement RecordsConfig[] = { , {RECT_CONFIG, "proxy.config.ssl.number.threads", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.server.cipher_suite", RECD_STRING, "RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} + {RECT_CONFIG, "proxy.config.ssl.server.cipher_suite", RECD_STRING, "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2", RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} , {RECT_CONFIG, "proxy.config.ssl.server.honor_cipher_order", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} ,