90a75f0d43
HTTPS connections from IPA framework and bind named instance now use system-wide crypto-policies on Fedora. For HTTPS the 'DEFAULT' crypto policy also includes unnecessary ciphers for PSK, SRP, aDSS and 3DES. Since these ciphers are not used by freeIPA, they are explicitly excluded. See: https://bugzilla.redhat.com/show_bug.cgi?id=1179925 See: https://bugzilla.redhat.com/show_bug.cgi?id=1179220 Fixes: https://pagure.io/freeipa/issue/4853 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
'''
This Fedora base platform module exports platform related constants.
'''
# Fallback to default constant definitions
from ipaplatform.redhat.constants import RedHatConstantsNamespace
class FedoraConstantsNamespace(RedHatConstantsNamespace):
    """Fedora-specific overrides of the Red Hat platform constants.

    Anything not set here is inherited from RedHatConstantsNamespace.
    """

    # Apache can load only one mod_wsgi build at a time. Fedora ships one for
    # Python 2 and one for Python 3, so both module paths are listed here and
    # the matching one can be selected.
    MOD_WSGI_PYTHON2 = "modules/mod_wsgi.so"
    MOD_WSGI_PYTHON3 = "modules/mod_wsgi_python3.so"

    # OpenSSL-style cipher string. "PROFILE=SYSTEM" defers to the system-wide
    # crypto policy (https://fedoraproject.org/wiki/Changes/CryptoPolicy), so
    # the effective cipher set follows whatever policy the host has active.
    # The "!" entries then remove TripleDES, pre-shared key, secure remote
    # password and DSA certificate authentication from that set.
    # NOTE(review): "PROFILE=SYSTEM" presumably needs the distribution's
    # crypto-policies-aware TLS library; confirm before reusing this value
    # on another platform.
    TLS_HIGH_CIPHERS = "PROFILE=SYSTEM:!3DES:!PSK:!SRP:!aDSS"
# Module-level instance of the Fedora constants namespace, created at import
# time. NOTE(review): presumably the object other modules read the platform
# constants from; confirm against callers.
constants = FedoraConstantsNamespace()