[CalendarServer-changes] [5576] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Fri May 7 19:45:22 PDT 2010
Revision: 5576
http://trac.macosforge.org/projects/calendarserver/changeset/5576
Author: dre at apple.com
Date: 2010-05-07 19:45:17 -0700 (Fri, 07 May 2010)
Log Message:
-----------
Disable weak SSL ciphers; add support for SSLCiphers caldavd.plist key
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/tap/caldav.py
CalendarServer/trunk/twext/internet/ssl.py
CalendarServer/trunk/twistedcaldav/stdconfig.py
Modified: CalendarServer/trunk/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/caldav.py 2010-05-07 19:30:30 UTC (rev 5575)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py 2010-05-08 02:45:17 UTC (rev 5576)
@@ -534,6 +534,7 @@
certificateChainFile=config.SSLAuthorityChain,
passwdCallback=getSSLPassphrase,
sslmethod=getattr(OpenSSL.SSL, config.SSLMethod),
+ ciphers=config.SSLCiphers.strip()
)
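Review bot: A blank or whitespace-only `SSLCiphers` value becomes `""` after `.strip()` on the added `ciphers=` line, and the guard this commit adds in twext/internet/ssl.py tests only `is not None`, so the empty string is still passed to `set_cipher_list`. That will most likely fail when the SSL context is built rather than when the config is read, with an error that does not name the plist key. I would validate here and fail with a clear configuration error, e.g. `if not config.SSLCiphers.strip(): raise ValueError("SSLCiphers must not be empty")`, using whichever exception type the service already raises for bad configuration. Falling back to `None` instead would silently restore the library's default cipher list, which is what this change is meant to avoid. The enclosing call starts outside the hunk.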
Modified: CalendarServer/trunk/twext/internet/ssl.py
===================================================================
--- CalendarServer/trunk/twext/internet/ssl.py 2010-05-07 19:30:30 UTC (rev 5575)
+++ CalendarServer/trunk/twext/internet/ssl.py 2010-05-08 02:45:17 UTC (rev 5576)
@@ -31,10 +31,11 @@
def __init__(
self, privateKeyFileName, certificateFileName,
sslmethod=SSLv3_METHOD, certificateChainFile=None,
- passwdCallback=None
+ passwdCallback=None, ciphers=None
):
self.certificateChainFile = certificateChainFile
self.passwdCallback = passwdCallback
+ self.ciphers = ciphers
DefaultOpenSSLContextFactory.__init__(
self,
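Review bot: The new `ciphers=None` default in `__init__` means any caller that omits `ciphers` keeps OpenSSL's default cipher list, so the hardening applies only to the one call site changed in caldav.py. If other code constructs this factory (not visible here), consider defaulting to the same restricted string as the `SSLCiphers` config default instead of `None`. At minimum the parameter should be documented, e.g. `# ciphers: OpenSSL cipher-list string, or None to keep the library default`. The body of `__init__` continues past the end of the hunk.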
@@ -47,6 +48,9 @@
# Unfortunate code duplication.
ctx = SSLContext(self.sslmethod)
+ if self.ciphers is not None:
+ ctx.set_cipher_list(self.ciphers)
+
if self.passwdCallback is not None:
ctx.set_passwd_cb(self.passwdCallback)
Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2010-05-07 19:30:30 UTC (rev 5575)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2010-05-08 02:45:17 UTC (rev 5576)
@@ -130,6 +130,7 @@
"SSLPort" : 0, # SSL port (0 to disable HTTPS)
"RedirectHTTPToHTTPS" : False, # If True, all nonSSL requests redirected to an SSL Port
"SSLMethod" : "SSLv3_METHOD", # SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD
+ "SSLCiphers" : "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM",
#
# Network address configuration information
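Review bot: The new `SSLCiphers` default still leaves SSLv2-only, MD5-based and RC4 suites enabled, because `ALL` pulls them in and only the `aNULL`, `ADH`, `eNULL`, `LOW` and `EXP` groups are excluded. The `RC4+RSA` term appears to be a no-op, since those suites are already in the list from `ALL`, and `+HIGH:+MEDIUM` only reorders. With `SSLMethod` settable to `SSLv23_METHOD` or `SSLv2_METHOD` (per the comment on the line above), I would add `!SSLv2:!MD5:!RC4` to the exclusions and drop `RC4+RSA`, after checking the result against the clients this server must support. The entry is also the only one in this run without a trailing comment; `# OpenSSL cipher-list string passed to set_cipher_list` would match its neighbours.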