proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-08-06 07:20:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update default CIPHERS to a more current list

Browse Source 
The default CIPHERS allowed for a fair amount of not really considered
secure anymore connections.  This updated cipher list is taken from
mozilla: https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
This commit is contained in:
Rhonda D'Vine 2018-10-11 12:05:19 +02:00 committed by Thomas Lamprecht
parent 3a8d2854bb
commit 5878f07454
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
PVE/Service/pveproxy.pm
View File

@ -106,7 +106,7 @@ sub init {
method => 'any',
sslv2 => 0,
sslv3 => 0,
cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
cipher_list => $proxyconf->{CIPHERS} || 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256',
key_file => '/etc/pve/local/pve-ssl.key',
cert_file => '/etc/pve/local/pve-ssl.pem',
},