xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2025-01-24 00:23:53 +00:00
Code Issues Projects Releases Wiki Activity

Explicitly set ECDHE curve

Browse Source 
Some vintages of the SSL stack require we explicitly request a curve,
so here it is.
This commit is contained in:
Jarrod Johnson 2018-07-16 16:23:33 -04:00
parent 13aa2e9aae
commit 3ab4203104
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
confluent_server/confluent/sockapi.py
View File

@ -357,6 +357,7 @@ def _tlsstartup(cnn):
ctx.set_ciphers(
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:'
'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384')
ctx.set_tmp_ecdh(crypto.get_elliptic_curve('secp384r1'))
ctx.load_cert_chain('/etc/confluent/srvcert.pem',
'/etc/confluent/privkey.pem')
cnn = ctx.wrap_socket(cnn, server_side=True)