fix(HTTPS): correctly use secure options

Extra TLS options were not used due to incorrect code; this is now fixed.
Julien Fontanet 2017-09-15 11:43:02 +02:00
parent a6c2622f6b
commit 3bd7798eda
2 changed files with 22 additions and 17 deletions


@ -8,20 +8,24 @@
"port": 80 "port": 80
} }
], ],
"mounts": {},
// Ciphers to use. // These options are applied to all listen entries.
// "listenOptions": {
// These are the default ciphers in Node 4.2.6, we are setting // Ciphers to use.
// them explicitly for older Node versions. //
"ciphers": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", // These are the default ciphers in Node 4.2.6, we are setting
// them explicitly for older Node versions.
"ciphers": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA",
// Tell Node to respect the cipher order. // Tell Node to respect the cipher order.
"honorCipherOrder": true, "honorCipherOrder": true,
// Specify to use at least TLSv1.1. // Specify to use at least TLSv1.1.
// See: https://github.com/certsimple/minimum-tls-version // See: https://github.com/certsimple/minimum-tls-version
"secureOptions": 117440512 "secureOptions": 117440512
},
"mounts": {}
}, },
"datadir": "/var/lib/xo-server/data", "datadir": "/var/lib/xo-server/data",
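Review bot: The `secureOptions` value `117440512` under `listenOptions` is an opaque literal whose meaning is defined by OpenSSL's option bits; it equals `0x07000000`, i.e. `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1`, and the comment should say so rather than only "at least TLSv1.1", e.g. `// 0x07000000 = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 (disables everything below TLSv1.1)`. The cipher string ends in `HIGH`, which in OpenSSL's alias still admits static-RSA key exchange and SHA-1 CBC suites such as `AES256-SHA`; `honorCipherOrder` only makes the listed ECDHE/DHE suites preferred, so a client offering nothing but those legacy suites still negotiates a non-forward-secret session — consider appending `:!kRSA` or dropping `HIGH` if such clients need not be supported. Because the JS hunk merges these as `{ ...listenOptions, ...opts }`, a key set on an individual entry overrides the shared one, which the new comment could state: `// These options are applied to all listen entries (an entry's own keys take precedence).` They are also handed to the plain `"port": 80` entry; presumably the server ignores TLS options when no `cert`/`key` is given, but that is worth confirming.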


@ -293,7 +293,7 @@ async function registerPlugins (xo) {
// =================================================================== // ===================================================================
async function makeWebServerListen ({ async function makeWebServerListen (webServer, {
certificate, certificate,
// The properties was called `certificate` before. // The properties was called `certificate` before.
@ -308,9 +308,8 @@ async function makeWebServerListen ({
readFile(key) readFile(key)
]) ])
} }
try { try {
const niceAddress = await this.listen(opts) const niceAddress = await webServer.listen(opts)
debug(`Web server listening on ${niceAddress}`) debug(`Web server listening on ${niceAddress}`)
} catch (error) { } catch (error) {
if (error.niceAddress) { if (error.niceAddress) {
@ -329,10 +328,12 @@ async function makeWebServerListen ({
} }
} }
async function createWebServer (opts) { async function createWebServer ({ listen, listenOptions }) {
const webServer = new WebServer() const webServer = new WebServer()
await Promise.all(mapToArray(opts, webServer::makeWebServerListen)) await Promise.all(mapToArray(listen,
opts => makeWebServerListen(webServer, { ...listenOptions, ...opts })
))
return webServer return webServer
} }
@ -539,7 +540,7 @@ export default async function main (args) {
const config = await loadConfiguration() const config = await loadConfiguration()
const webServer = await createWebServer(config.http.listen) const webServer = await createWebServer(config.http)
// Now the web server is listening, drop privileges. // Now the web server is listening, drop privileges.
try { try {