Harden default TLS configuration (RIPD-1332, RIPD-1333, RIPD-1334):

The existing configuration includes 512 and 1024 bit DH parameters and supports ciphers such as RC4 and 3DES and hash algorithms like SHA-1 which are no longer considered secure. Going forward, use only 2048-bit DH parameters and define a new default set of modern ciphers to use: HIGH:!aNULL:!MD5:!DSS:!SHA1:!3DES:!RC4:!EXPORT:!DSS Additionally, allow administrators who wish to have different settings to configure custom global and per-port ciphers suites in the configuration file using the `ssl_ciphers` directive.
2025-12-06 17:27:55 +00:00 · 2016-11-21 17:22:32 -08:00
parent b00b81a861
commit 2c87739d6c
8 changed files with 119 additions and 196 deletions
--- a/src/test/overlay/short_read_test.cpp
+++ b/src/test/overlay/short_read_test.cpp
@@ -555,7 +555,7 @@ public:
                beast::Thread::setCurrentThreadName("io_service");
                this->io_service_.run();
            }))
-        , context_(make_SSLContext())
+        , context_(make_SSLContext(""))
    {
    }