[lxc-devel] [lxd/master] tls: Add some more TLS ciphers

Wed, 20 Sep 2017 09:58:29 -0700 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/3827

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Closes #3822

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>

From b54688819e5fc48cdee263c88abfb232691c027c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Wed, 20 Sep 2017 12:57:39 -0400
Subject: [PATCH] tls: Add some more TLS ciphers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #3822

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxd/daemon.go     | 8 ++++++++
 shared/network.go | 8 +++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lxd/daemon.go b/lxd/daemon.go
index 8b41fd58a..481d7b6c3 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -636,7 +636,15 @@ func (d *Daemon) Init() error {
                        MinVersion:   tls.VersionTLS12,
                        MaxVersion:   tls.VersionTLS12,
                        CipherSuites: []uint16{
+                               tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+                               tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+                               tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+                               tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+                               tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+                               tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+                               tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                                tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                               tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                                tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
                        PreferServerCipherSuites: true,
                }
diff --git a/shared/network.go b/shared/network.go
index a2ee54740..50e56fb44 100644
--- a/shared/network.go
+++ b/shared/network.go
@@ -41,9 +41,15 @@ func initTLSConfig() *tls.Config {
                MinVersion: tls.VersionTLS12,
                MaxVersion: tls.VersionTLS12,
                CipherSuites: []uint16{
+                       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+                       tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                        tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-                       tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                       tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                        tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+                       tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+                       tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+                       tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                       tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                        tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
                PreferServerCipherSuites: true,
        }

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to