This is an automated email from the ASF dual-hosted git repository.

wujimin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-docs.git


The following commit(s) were added to refs/heads/master by this push:
     new e32f04b  remove weak TLS cipher suites from default config
e32f04b is described below

commit e32f04be738be66edc2dd119ca54c08bf460c49c
Author: yaohaishi <yaohai...@huawei.com>
AuthorDate: Sun May 5 17:57:25 2019 +0800

    remove weak TLS cipher suites from default config
---
 java-chassis-reference/en_US/security/tls.md | 12 +++++-------
 java-chassis-reference/zh_CN/security/tls.md |  5 +----
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/java-chassis-reference/en_US/security/tls.md 
b/java-chassis-reference/en_US/security/tls.md
index 22bfae6..adf91e8 100755
--- a/java-chassis-reference/en_US/security/tls.md
+++ b/java-chassis-reference/en_US/security/tls.md
@@ -54,15 +54,13 @@ Generally, there is no need to configure tags. The normal 
situation is divided i
 The certificate configuration items are shown in Table 1. Certificate 
Configuration Item Description Table.
 **Table 1 Certificate Configuration Item Description Table**
 
-| Configuration Item | Default Value | Range of Value | Required | Meaning |
+| Configuration Item | Default Value | Range of Value | Required | Meaning | 
Caution |
 | :--- | :--- | :--- | :--- | :--- | :--- |
-Ssl.engine| jdk | - | No | ssl protocol, provide jdk/openssl options | default 
jdk |
-| ssl.protocols | TLSv1.2 | - | No | Protocol List | Separated by Comma |
-| ssl.ciphers | 
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384,<br/>TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384,<br/>TLS\_ECDHE\_RSA\_WITH
 \_AES\_128\_GCM\_SHA256,<br/>TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256 | - | No|
-List of laws | separated by commas |
+| Ssl.engine| jdk | - | No | ssl protocol, provide jdk/openssl options | 
default jdk |
+| ssl.protocols | TLSv1.2 | - | No | Protocol List | separated by comma |
+| ssl.ciphers | 
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384,<br/>TLS\_ECDHE\_RSA\_WITH 
\_AES\_128\_GCM\_SHA256 | - | No| List of laws | separated by comma |
 | ssl.authPeer | true | - | No | Whether to authenticate the peer | - |
-ssl.checkCN.host | true | - | No | Check whether the CN of the certificate is 
checked. This configuration item is valid only on the Consumer side and is 
valid using the http protocol. That is, the Consusser side uses the rest 
channel. Invalid for Provider, highway, etc. The purpose of checking CN is to 
prevent the server from being phishing, refer to >
-Standard definition: [https://tools.ietf.org/html/rfc2818. 
](https://tools.ietf.org/html/rfc2818.) |
+| ssl.checkCN.host | true | - | No | Check whether the CN of the certificate 
is checked. | This configuration item is valid only on the Consumer side and is 
valid using the http protocol. That is, the Consusser side uses the rest 
channel. Invalid for Provider, highway, etc. The purpose of checking CN is to 
prevent the server from being phishing, refer to Standard definition: 
[https://tools.ietf.org/html/rfc2818. ](https://tools.ietf.org/html/rfc2818.) |
 | ssl.trustStore | trust.jks | - | No | Trust certificate file | - |
 | ssl.trustStoreType | JKS | - | No | Trust Certificate Type | - |
 | ssl.trustStoreValue | - | - | No | Trust Certificate Password | - |
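Review bot: In the new `ssl.ciphers` row the Meaning cell still reads "List of laws", which looks like a mistranslation of the zh_CN cell 算法列表; "List of cipher suites" would say what the setting is. The first row's key is written `Ssl.engine` while the zh_CN table uses `ssl.engine`, so lower-case it while the row is being touched. The `ssl.checkCN.host` Caution text carries over the typo "Consusser" (Consumer) and a link whose target ends in a period (`https://tools.ietf.org/html/rfc2818.`); drop the period from the URL. In the new cipher value, `TLS\_ECDHE\_RSA\_WITH \_AES\_128\_GCM\_SHA256` appears to contain a space before `\_AES`; if that is in the file and not just mail wrapping, remove it so the name can be copied as one token. Since the two `TLS_RSA_WITH_AES_*` suites leave the documented default, the new Caution column for `ssl.ciphers` is a good place to state that peers offering only those suites will need `ssl.ciphers` set explicitly.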
diff --git a/java-chassis-reference/zh_CN/security/tls.md 
b/java-chassis-reference/zh_CN/security/tls.md
index 0c4fa6d..892ea6a 100644
--- a/java-chassis-reference/zh_CN/security/tls.md
+++ b/java-chassis-reference/zh_CN/security/tls.md
@@ -58,7 +58,7 @@ ssl.[tag].[property]
 | :--- | :--- | :--- | :--- | :--- | :--- |
 | ssl.engine| jdk | - | 否 | ssl协议,提供jdk/openssl选择 | 默认为jdk |
 | ssl.protocols | TLSv1.2 | - | 否 | 协议列表 | 使用逗号分隔 |
-| ssl.ciphers | 
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384,<br/>TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384,<br/>TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256,<br/>TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256
 | - | 否 | 算法列表 | 使用逗号分隔 |
+| ssl.ciphers | 
TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384,<br/>TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256
 | - | 否 | 算法列表 | 使用逗号分隔 |
 | ssl.authPeer | true | - | 否 | 是否认证对端 | - |
 | ssl.checkCN.host | true | - | 否 | 是否对证书的CN进行检查 | 
该配置项只对Consumer端,并且使用http协议有效,即Consumser端使用rest通道有效。对于Provider端、highway通道等无效。检查CN的目的是防止服务器被钓鱼,参考标准定义:[https://tools.ietf.org/html/rfc2818。](https://tools.ietf.org/html/rfc2818。)
 |
 | ssl.trustStore | trust.jks | - | 否 | 信任证书文件 | - |
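Review bot: The `ssl.checkCN.host` row left as context in this hunk has a full-width period inside the link target (`https://tools.ietf.org/html/rfc2818。`), so the rendered link does not point at RFC 2818; the en_US file had its version of this row rewritten in the same commit, so the zh_CN row should be fixed here too, along with the "Consumser" typo in the same cell. The `ssl.ciphers` default itself matches the en_US change (only the two `TLS_ECDHE_RSA_*_GCM_*` suites remain); consider using the 说明 cell of that row to note that the `TLS_RSA_WITH_AES_*` suites were dropped from the default, as suggested for the English table.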
@@ -106,6 +106,3 @@ ssl.keyStoreValue: Changeme_123
 ssl.crl: revoke.crl
 ssl.sslCustomClass: org.apache.servicecomb.demo.DemoSSLCustom
 ```
-
-
-
