Ubuntu Push Notifications

Merge lp:~pedronis/ubuntu-push/no-rc4-cipher-suites-no-ssl-v3 into lp:ubuntu-push/automatic

Proposed by Samuele Pedroni on 2015-03-18

Status:	Merged
Approved by:	Samuele Pedroni on 2015-03-18
Approved revision:	376
Merged at revision:	376
Proposed branch:	lp:~pedronis/ubuntu-push/no-rc4-cipher-suites-no-ssl-v3
Merge into:	lp:ubuntu-push/automatic
Diff against target:	22 lines (+12/-0) 1 file modified server/tlsconfig.go (+12/-0)
To merge this branch:	bzr merge lp:~pedronis/ubuntu-push/no-rc4-cipher-suites-no-ssl-v3
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Guillermo Gonzalez		Approve on 2015-03-18
Bret Barker (community)	2015-03-18	Approve on 2015-03-18
Review via email: mp+253377@code.launchpad.net

servers shouldn't allow sslv3 and shouldn't advertize rc4 cipher suites

servers shouldn't allow sslv3 and shouldn't advertize rc4 cipher suites

Revision history for this message

Bret Barker (noise) wrote on 2015-03-18:

looks good.

review: Approve

Revision history for this message

Guillermo Gonzalez (verterok) wrote on 2015-03-18:

review: Approve

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

People subscribed via source and target branches

to all changes:

 === modified file 'server/tlsconfig.go'
 --- server/tlsconfig.go	2014-09-04 12:51:08 +0000
 +++ server/tlsconfig.go	2015-03-18 14:44:53 +0000
@@ -48,6 +48,18 @@
  	tlsCfg := &tls.Config{
  		Certificates:           []tls.Certificate{cfg.cert},
  		SessionTicketsDisabled: true,
++		// order from crypto/tls/cipher_suites.go, no RC4
++		CipherSuites: []uint16{
++			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
++			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
++			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
++			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
++			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
++			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
++			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
++			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
++		},
++		MinVersion: tls.VersionTLS12,
+ 	}
  	return tlsCfg
+ }