OpenSSL requires that we include at least a 1024 bit DH key in our certs if we use DH during key exchange.
Hence, always use RSA at key exchange. This fixes issue 1104. Signed-off-by: BSRK Aditya <[email protected]> --- src/Ganeti/Constants.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Ganeti/Constants.hs b/src/Ganeti/Constants.hs index 7d04720..48f0df2 100644 --- a/src/Ganeti/Constants.hs +++ b/src/Ganeti/Constants.hs @@ -562,7 +562,7 @@ rsaKeyBits = 2048 -- after it's been removed. Use the "openssl" utility to check the -- allowed ciphers, e.g. "openssl ciphers -v HIGH:-DES". opensslCiphers :: String -opensslCiphers = "HIGH:-DES:-3DES:-EXPORT:-ADH" +opensslCiphers = "kRSA:-MEDIUM:-LOW:-DES:-3DES:-EXPORT" -- * X509 -- 2.6.0.rc2.230.g3dd15c0
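Review bot: On the `+opensslCiphers` line, the list now starts from `kRSA` instead of `HIGH`, and OpenSSL's ciphers documentation warns that lists built from low-level selectors such as `kRSA` overlap with the eNULL (no-encryption) suites, which the `-MEDIUM:-LOW:-DES:-3DES:-EXPORT` removals are not guaranteed to strip. Suggest starting from `kRSA+HIGH` or appending `:!eNULL`, then checking the expanded list with `openssl ciphers -v`, as the comment above the constant already recommends. That comment's example still reads `HIGH:-DES` and should be updated to match the new string. RSA-only key exchange also gives up forward secrecy, so a sentence in the comment recording that trade-off and the reason for it (issue 1104) would help the next reader.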
