openwhisk-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jeremiaswer...@apache.org
Subject [incubator-openwhisk] branch master updated: Limit cipher suites used for controller https (#3706)
Date Mon, 28 May 2018 11:52:06 GMT
This is an automated email from the ASF dual-hosted git repository.

jeremiaswerner pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git


The following commit(s) were added to refs/heads/master by this push:
     new d815394  Limit cipher suites used for controller https (#3706)
d815394 is described below

commit d815394ca5201bab7e7d270af4d471341549c843
Author: Vadim Raskin <raskinvadim@gmail.com>
AuthorDate: Mon May 28 14:52:02 2018 +0300

    Limit cipher suites used for controller https (#3706)
    
    * Limit cipher suites used for controller https
    
    * Limit the ciphers on kafka as well
---
 ansible/group_vars/all                              | 3 ---
 core/controller/src/main/resources/application.conf | 6 ++++++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index 286b8e4..25312d2 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -112,9 +112,6 @@ kafka:
       name: kafka-keystore.jks
       password: openwhisk
     cipher_suites:
-    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-    - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
     - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
     - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
diff --git a/core/controller/src/main/resources/application.conf b/core/controller/src/main/resources/application.conf
index faec173..a288636 100644
--- a/core/controller/src/main/resources/application.conf
+++ b/core/controller/src/main/resources/application.conf
@@ -72,3 +72,9 @@ akka {
     metrics.enabled=off
   }
 }
+
+ssl-config.enabledCipherSuites = [
+  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+]

-- 
To stop receiving notification emails like this one, please contact
jeremiaswerner@apache.org.

Mime
View raw message