[pve-devel] applied: [PATCH manager 1/2] Update default CIPHERS to a more current list
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed Oct 17 08:12:29 CEST 2018
On 10/11/18 12:05 PM, Rhonda D'Vine wrote:
> The default CIPHERS allowed for a fair amount of not really considered
> secure anymore connections. This updated cipher list is taken from
> Mozilla: https://wiki.mozilla.org/Security/Server_Side_TLS
>
> Signed-off-by: Rhonda D'Vine <rhonda at proxmox.com>
> ---
> PVE/Service/pveproxy.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm
> index bb60b29e..b286931b 100755
> --- a/PVE/Service/pveproxy.pm
> +++ b/PVE/Service/pveproxy.pm
> @@ -106,7 +106,7 @@ sub init {
> method => 'any',
> sslv2 => 0,
> sslv3 => 0,
> - cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
> + cipher_list => $proxyconf->{CIPHERS} || 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256',
> key_file => '/etc/pve/local/pve-ssl.key',
> cert_file => '/etc/pve/local/pve-ssl.pem',
> },
>
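Review bot: The new `cipher_list` default contains only TLS 1.2 suites (ECDHE with AES-GCM, ChaCha20-Poly1305, or AES-CBC with SHA256/SHA384), which is a compatibility change the commit message does not mention. The visible options keep `method => 'any'` and only turn off `sslv2` and `sslv3`, so a client limited to an older TLS version, or one without ECDHE support, will no longer find a shared cipher with the default. Please state that in the commit message and name `$proxyconf->{CIPHERS}` as the way to restore a wider list. As a style point, the 10-suite literal on a single line is hard to review and will produce unreadable diffs on the next update; consider building it from a list joined with ':' or moving it into a named default next to `init`.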
applied, thanks!