ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-12-06 17:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Harden default TLS configuration (RIPD-1332, RIPD-1333, RIPD-1334):

Browse Source 
The existing configuration includes 512 and 1024 bit DH
parameters and supports ciphers such as RC4 and 3DES and
hash algorithms like SHA-1 which are no longer considered
secure.

Going forward, use only 2048-bit DH parameters and define
a new default set of modern ciphers to use:

    HIGH:!aNULL:!MD5:!DSS:!SHA1:!3DES:!RC4:!EXPORT:!DSS

Additionally, allow administrators who wish to have different
settings to configure custom global and per-port ciphers suites
in the configuration file using the `ssl_ciphers` directive.
This commit is contained in:
Nik Bougalis
2016-11-21 17:22:32 -08:00
parent b00b81a861
commit 2c87739d6c
8 changed files with 119 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/ripple/server/impl/Port.cpp
View File

@@ -216,6 +216,7 @@ parse_Port (ParsedPort& port, Section const& section, std::ostream& log)
set(port.ssl_key, "ssl_key", section);
set(port.ssl_cert, "ssl_cert", section);
set(port.ssl_chain, "ssl_chain", section);
set(port.ssl_ciphers, "ssl_ciphers", section);
}
} // ripple