upstream/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2026-06-04 22:32:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN

Browse source
This commit is contained in:
Alexander A. Klimov 2021-07-16 18:32:26 +02:00
parent 80a1128ec7
commit 7f7637c9b8
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/base/tlsutility.hpp
View file

@ -25,6 +25,10 @@
namespace icinga
{
const char * const DEFAULT_TLS_CIPHERS = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256";
const char * const DEFAULT_TLS_PROTOCOLMIN = "TLSv1.2";
void InitializeOpenSSL();
String GetOpenSSLVersion();

5
lib/remote/apilistener.ti
View file

@ -3,6 +3,7 @@
#include "remote/i2-remote.hpp"
#include "base/configobject.hpp"
#include "base/application.hpp"
#include "base/tlsutility.hpp"
library remote;
@ -18,10 +19,10 @@ class ApiListener : ConfigObject
[config, deprecated] String ca_path;
[config] String crl_path;
[config] String cipher_list {
default {{{ return "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256"; }}}
default {{{ return DEFAULT_TLS_CIPHERS; }}}
};
[config] String tls_protocolmin {
default {{{ return "TLSv1.2"; }}}
default {{{ return DEFAULT_TLS_PROTOCOLMIN; }}}
};
[config] String bind_host {