diff options
| author |   Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> | 2019-03-15 10:19:43 +0100 |
|---|---|---|
| committer | Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> | 2019-03-18 09:00:37 +0100 |
| commit | ddd49724eded1a994101032a7ec38125d54d2955 (patch) | |
| tree | f9e0e8554cdba44e53e11bc646eb84ae6e04f7a9 | |
| parent | 37ad0cc1d36ec6ff68ec39fcaaf2617eef7d08fe (diff) | |
setting security level to OWASP Cipher String 'A'
Change-Id: I08562d62fbed8e490f6c9211aa2f1564246e713a
Issue-ID: VID-444
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
| -rw-r--r-- | epsdk-app-onap/src/main/resources/server.xml | 46 |
1 files changed, 7 insertions, 39 deletions
diff --git a/epsdk-app-onap/src/main/resources/server.xml b/epsdk-app-onap/src/main/resources/server.xml index 2a1bab5af..a7cd9c7bb 100644 --- a/epsdk-app-onap/src/main/resources/server.xml +++ b/epsdk-app-onap/src/main/resources/server.xml @@ -84,49 +84,17 @@ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - clientAuth="false" sslProtocol="TLS" keyAlias="${vid.keyalias}" + clientAuth="false" sslProtocol="TLSv1.2" keyAlias="${vid.keyalias}" keystoreFile="${vid.keystore.filename}" keystorePass="${vid.keystore.password}" useServerCipherSuitesOrder="true" - ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDH_ECDSA_WITH_RC4_128_SHA, - TLS_ECDH_RSA_WITH_RC4_128_SHA, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + ciphers=" TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_EMPTY_RENEGOTIATION_INFO_SCSVF" + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" /> |