From 59bc53f57386a3950b8cd62d404ba5b2bc65bfe4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=E1=B4=8F=C9=B4=C9=A2=20Jie?= Date: Mon, 11 Mar 2019 17:40:53 +0800 Subject: [PATCH] Set the default value of site.xcatsslversion to SSLv23:!SSLv2:!SSLv3:!TLSv1 (#6061) * Set $extrasslargs{SSL_version} as "SSLv23:!SSLv2:!SSLv3:!TLSv1" by default * Remove xcatsslversion related part in script xcatconfig --- xCAT-server/sbin/xcatconfig | 14 -------------- xCAT-server/sbin/xcatd | 3 +++ 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/xCAT-server/sbin/xcatconfig b/xCAT-server/sbin/xcatconfig index b0ced3136..1d3652d92 100755 --- a/xCAT-server/sbin/xcatconfig +++ b/xCAT-server/sbin/xcatconfig @@ -1206,7 +1206,6 @@ sub initDB $chtabcmds .= "$::XCATROOT/sbin/chtab key=cleanupxcatpost site.value=no;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=dhcplease site.value=43200;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=auditnosyslog site.value=0;"; - $chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1_2;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=auditskipcmds site.value=ALL;"; #$chtabcmds .= "$::XCATROOT/sbin/chtab key=useflowcontrol site.value=yes;"; # need to fix 4031 @@ -1472,19 +1471,6 @@ sub initDB xCAT::MsgUtils->message('E', "Could not set ddns as dnshandler."); } } - - # Set default value for site.xcatsslversion when update xcat - $cmds = "XCATBYPASS=Y $::XCATROOT/sbin/tabdump site 2>/dev/null |grep xcatsslversion"; - xCAT::Utils->runcmd("$cmds", -1); - if ($::RUNCMD_RC != 0) { - - # if site.xcatsslversion was not set, then set the default value TLSv1_2 - $cmds = "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1_2;"; - xCAT::Utils->runcmd("$cmds", 0); - if ($::RUNCMD_RC != 0) { - xCAT::MsgUtils->message('E', "Could not add default value for site.xcatsslversion."); - } - } } # remove xcatserver,xcatclient diff --git a/xCAT-server/sbin/xcatd b/xCAT-server/sbin/xcatd index 71aa7bc75..8f31e4f83 100755 --- a/xCAT-server/sbin/xcatd 
+++ b/xCAT-server/sbin/xcatd @@ -1548,7 +1548,10 @@ until ($quit) { populate_site_hash(); my %extrasslargs; + if ($::XCATSITEVALS{xcatsslversion}) { $extrasslargs{SSL_version} = $::XCATSITEVALS{xcatsslversion}; } + $extrasslargs{SSL_version} = "SSLv23:!SSLv2:!SSLv3:!TLSv1" unless length $extrasslargs{SSL_version}; + if ($::XCATSITEVALS{xcatsslciphers}) { $extrasslargs{SSL_cipher_list} = $::XCATSITEVALS{xcatsslciphers}; } use Data::Dumper;
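Review bot: The fallback added for `$extrasslargs{SSL_version}` still allows TLS 1.1, whereas the default this commit removes from xcatconfig pinned `TLSv1_2`, so a site with no `xcatsslversion` entry gets a lower protocol floor than a fresh install had before. If the IO::Socket::SSL and Net::SSLeay versions xCAT supports accept the token, consider `$extrasslargs{SSL_version} = "SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1" unless length $extrasslargs{SSL_version};`. If TLS 1.1 is kept on purpose for older peers, a comment such as `# SSLv23 = negotiate the best shared version; the exclusions set the floor (TLS 1.1 kept for <reason>)` would stop readers from taking the string to enable SSLv2/3. The site value is also passed through unchecked, so an operator-set `xcatsslversion` can still select a weaker protocol than the default; a logged warning there would help, though that line appears to predate this change. The enclosing `until ($quit) {` block starts and ends outside the hunk.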