diff --git a/xCAT-server/sbin/xcatconfig b/xCAT-server/sbin/xcatconfig index b0ced3136..1d3652d92 100755 --- a/xCAT-server/sbin/xcatconfig +++ b/xCAT-server/sbin/xcatconfig @@ -1206,7 +1206,6 @@ sub initDB $chtabcmds .= "$::XCATROOT/sbin/chtab key=cleanupxcatpost site.value=no;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=dhcplease site.value=43200;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=auditnosyslog site.value=0;"; - $chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1_2;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=auditskipcmds site.value=ALL;"; #$chtabcmds .= "$::XCATROOT/sbin/chtab key=useflowcontrol site.value=yes;"; # need to fix 4031 @@ -1472,19 +1471,6 @@ sub initDB xCAT::MsgUtils->message('E', "Could not set ddns as dnshandler."); } } - - # Set default value for site.xcatsslversion when update xcat - $cmds = "XCATBYPASS=Y $::XCATROOT/sbin/tabdump site 2>/dev/null |grep xcatsslversion"; - xCAT::Utils->runcmd("$cmds", -1); - if ($::RUNCMD_RC != 0) { - - # if site.xcatsslversion was not set, then set the default value TLSv1_2 - $cmds = "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1_2;"; - xCAT::Utils->runcmd("$cmds", 0); - if ($::RUNCMD_RC != 0) { - xCAT::MsgUtils->message('E', "Could not add default value for site.xcatsslversion."); - } - } } # remove xcatserver,xcatclient diff --git a/xCAT-server/sbin/xcatd b/xCAT-server/sbin/xcatd index 71aa7bc75..8f31e4f83 100755 --- a/xCAT-server/sbin/xcatd +++ b/xCAT-server/sbin/xcatd @@ -1548,7 +1548,10 @@ until ($quit) { populate_site_hash(); my %extrasslargs; + if ($::XCATSITEVALS{xcatsslversion}) { $extrasslargs{SSL_version} = $::XCATSITEVALS{xcatsslversion}; } + $extrasslargs{SSL_version} = "SSLv23:!SSLv2:!SSLv3:!TLSv1" unless length $extrasslargs{SSL_version}; + if ($::XCATSITEVALS{xcatsslciphers}) { $extrasslargs{SSL_cipher_list} = $::XCATSITEVALS{xcatsslciphers}; } use Data::Dumper;