ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-12-06 17:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Harden default TLS configuration (RIPD-1332, RIPD-1333, RIPD-1334):

Browse Source 
The existing configuration includes 512 and 1024 bit DH
parameters and supports ciphers such as RC4 and 3DES and
hash algorithms like SHA-1 which are no longer considered
secure.

Going forward, use only 2048-bit DH parameters and define
a new default set of modern ciphers to use:

    HIGH:!aNULL:!MD5:!DSS:!SHA1:!3DES:!RC4:!EXPORT:!DSS

Additionally, allow administrators who wish to have different
settings to configure custom global and per-port ciphers suites
in the configuration file using the `ssl_ciphers` directive.
This commit is contained in:
Nik Bougalis
2016-11-21 17:22:32 -08:00
parent b00b81a861
commit 2c87739d6c
8 changed files with 119 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/ripple/overlay/impl/OverlayImpl.cpp
View File

@@ -1074,7 +1074,7 @@ setup_Overlay (BasicConfig const& config)
{
Overlay::Setup setup;
auto const& section = config.section("overlay");
setup.context = make_SSLContext();
setup.context = make_SSLContext("");
setup.expire = get<bool>(section, "expire", false);
set (setup.ipLimit, "ip_limit", section);