From 4dedebac5475189326410baf31fe2bad5157fba6 Mon Sep 17 00:00:00 2001 From: Sebastian Schmidt Date: Mon, 19 Jul 2021 09:37:50 +0000 Subject: [PATCH] remove ciphers The LiteSpeed webserver provides better defaults and is updated more often. It also allows the administrator to set better ciphers for the entire server more easily than having to edit every zone individually --- plogical/sslUtilities.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/plogical/sslUtilities.py b/plogical/sslUtilities.py index d8477d601..b9c267b74 100755 --- a/plogical/sslUtilities.py +++ b/plogical/sslUtilities.py @@ -90,7 +90,6 @@ class sslUtilities: certFile = " certFile /etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem\n" certChain = " certChain 1" + "\n" sslProtocol = " sslProtocol 24" + "\n" - ciphers = " ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" + "\n" enableECDHE = " enableECDHE 1" + "\n" renegProtection = " renegProtection 1" + "\n" sslSessionCache = " sslSessionCache 1" + "\n" @@ -108,7 +107,6 @@ class sslUtilities: writeDataToFile.writelines(certFile) writeDataToFile.writelines(certChain) writeDataToFile.writelines(sslProtocol) - writeDataToFile.writelines(ciphers) writeDataToFile.writelines(enableECDHE) writeDataToFile.writelines(renegProtection) writeDataToFile.writelines(sslSessionCache) @@ -161,7 +159,6 @@ class sslUtilities: certFile = " certFile /etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem\n" certChain = " certChain 1" + "\n" sslProtocol = " sslProtocol 24" + "\n" - ciphers = " ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" + "\n" enableECDHE = " enableECDHE 1" + "\n" renegProtection = " renegProtection 1" + "\n" sslSessionCache = " sslSessionCache 1" + "\n" @@ -177,7 +174,6 @@ class sslUtilities: writeSSLConfig.writelines(certFile) writeSSLConfig.writelines(certChain) writeSSLConfig.writelines(sslProtocol) - writeSSLConfig.writelines(ciphers) writeSSLConfig.writelines(enableECDHE) writeSSLConfig.writelines(renegProtection) writeSSLConfig.writelines(sslSessionCache)