URL: https://github.com/freeipa/freeipa/pull/544
Author: stlaz
Title: #544: Don't use weak ciphers for client HTTPS connections
Action: opened

PR body:
"""
https://pagure.io/freeipa/issue/6730
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/544/head:pr544
git checkout pr544

From 6aac15ae557d6c2c1c11660334e72192530ca225 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 23 Feb 2017 14:31:50 +0100 Subject: [PATCH] Don't use weak ciphers for client HTTPS connections https://pagure.io/freeipa/issue/6730 --- ipalib/util.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ipalib/util.py b/ipalib/util.py index 2beabf1..cbfbc5d 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -303,6 +303,10 @@ def create_https_connection( ssl.OP_SINGLE_ECDH_USE ) + # high ciphers without RC4, MD5, TripleDES, pre-shared key + # and secure remote password + ctx.set_ciphers("HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!PSK:!SRP") + # pylint: enable=no-member # set up the correct TLS version flags for the SSL context for version in TLS_VERSIONS:
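
Review bot: the comment above ctx.set_ciphers(...) in create_https_connection names RC4, MD5, TripleDES, PSK and SRP but says nothing about the !aNULL and !eNULL terms, which are the ones that keep unauthenticated and unencrypted suites out of the list; please mention them so the comment matches the string. The cipher string is also hardcoded inline, while the loop right below it iterates a TLS_VERSIONS constant; a named module-level constant for the cipher list would keep the TLS policy in one place and make it easy to assert on in a test. The new call also sits above the "# pylint: enable=no-member" line, so it falls inside the region where that warning is disabled; if set_ciphers does not need the suppression, move it below that line. Finally, a cipher string set this way governs suites for TLS 1.2 and earlier only, so it is worth a note in the comment that TLS 1.3 suites are not controlled here.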