mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
b553448884
IPA now uses the system-wide crypto policy for TLS ciphers on RHEL. It's also now possible to keep the default policy by setting TLS_HIGH_CIPHERS to None. Fixes: https://pagure.io/freeipa/issue/7998 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
24 lines
704 B
Python
24 lines
704 B
Python
#
|
|
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
'''
|
|
This Red Hat OS family base platform module exports default platform
|
|
related constants for the Red Hat OS family-based systems.
|
|
'''
|
|
|
|
# Fallback to default path definitions
|
|
from __future__ import absolute_import
|
|
|
|
from ipaplatform.base.constants import BaseConstantsNamespace
|
|
|
|
|
|
class RedHatConstantsNamespace(BaseConstantsNamespace):
|
|
# System-wide crypto policy, but without TripleDES, pre-shared key,
|
|
# secure remote password, and DSA cert authentication.
|
|
# see https://fedoraproject.org/wiki/Changes/CryptoPolicy
|
|
TLS_HIGH_CIPHERS = "PROFILE=SYSTEM:!3DES:!PSK:!SRP:!aDSS"
|
|
|
|
|
|
constants = RedHatConstantsNamespace()
|