aboutsummaryrefslogtreecommitdiffstats
path: root/epsdk-app-onap/src/main/resources/server.xml
diff options
context:
space:
mode:
authorIttay Stern <ittay.stern@att.com>2019-03-18 09:00:31 +0000
committerGerrit Code Review <gerrit@onap.org>2019-03-18 09:00:31 +0000
commitd43580130f866f23be4d8269e285d120dd6c5867 (patch)
tree1017c35cd22f109616c811f4a74213576271b301 /epsdk-app-onap/src/main/resources/server.xml
parent7380952d025451b4fb6603c2af0582d3e31f71ee (diff)
parentddd49724eded1a994101032a7ec38125d54d2955 (diff)
Merge "setting security level to OWASP Cipher String 'A'"
Diffstat (limited to 'epsdk-app-onap/src/main/resources/server.xml')
-rw-r--r--epsdk-app-onap/src/main/resources/server.xml46
1 files changed, 7 insertions, 39 deletions
diff --git a/epsdk-app-onap/src/main/resources/server.xml b/epsdk-app-onap/src/main/resources/server.xml
index 2a1bab5af..a7cd9c7bb 100644
--- a/epsdk-app-onap/src/main/resources/server.xml
+++ b/epsdk-app-onap/src/main/resources/server.xml
@@ -84,49 +84,17 @@
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS" keyAlias="${vid.keyalias}"
+ clientAuth="false" sslProtocol="TLSv1.2" keyAlias="${vid.keyalias}"
keystoreFile="${vid.keystore.filename}" keystorePass="${vid.keystore.password}"
useServerCipherSuitesOrder="true"
- ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
- TLS_ECDH_RSA_WITH_RC4_128_SHA,
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ ciphers=" TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS_RSA_WITH_AES_256_GCM_SHA384,
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS_RSA_WITH_AES_128_GCM_SHA256,
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
- TLS_EMPTY_RENEGOTIATION_INFO_SCSVF"
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
/>