From a9a77147befa4766fd755496d7522f881bf45d9f Mon Sep 17 00:00:00 2001
From: bush
Date: Thu, 5 Mar 2015 04:31:45 +0000
Subject: [PATCH 1/4] Enabled disabling of openssl cipher suits. RC4 disabled by default.
---
 config.template.yaml | 1 +
 lib/config.js | 3 ++-
 lib/server.js | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/config.template.yaml b/config.template.yaml
index abbfedb3..66fad4d0 100644
--- a/config.template.yaml
+++ b/config.template.yaml
@@ -79,6 +79,7 @@ https:
 passphrase: ''
 certfile: 'localhost.cert'
 cafile: ''
+ ciphers: 'ALL:!RC4'
 # Page template values
 # title goes in the upper left corner, description goes in a tag
diff --git a/lib/config.js b/lib/config.js
index cdab3806..d0ed3c0b 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -43,7 +43,8 @@ var defaults = {
 keyfile: "localhost.key",
 passphrase: "",
 certfile: "localhost.cert",
- cafile: ""
+ cafile: "",
+ ciphers: "ALL:!RC4"
 },
 io: {
 domain: "http://localhost",
diff --git a/lib/server.js b/lib/server.js
index 88032089..b83b91b9 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -72,7 +72,8 @@ var Server = function () {
 key: key,
 cert: cert,
 passphrase: Config.get("https.passphrase"),
- ca: ca
+ ca: ca,
+ ciphers: Config.get("https.ciphers")
 };
 Config.get("listen").forEach(function (bind) {
From f191e2a9c995508a9d4b3a0094a794b0457d99ca Mon Sep 17 00:00:00 2001
From: bush
Date: Thu, 5 Mar 2015 04:42:01 +0000
Subject: [PATCH 2/4] Fixed cipher list to high
---
 config.template.yaml | 2 +-
 lib/config.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config.template.yaml b/config.template.yaml
index 66fad4d0..b9074f31 100644
--- a/config.template.yaml
+++ b/config.template.yaml
@@ -79,7 +79,7 @@ https:
 passphrase: ''
 certfile: 'localhost.cert'
 cafile: ''
- ciphers: 'ALL:!RC4'
+ ciphers: 'HIGH:!DSS:!aNULL@STRENGTH'
 # Page template values
 # title goes in the upper left corner, description goes in a tag
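Review bot: The new default in the [PATCH 2/4] `config.template.yaml` hunk, `ciphers: 'HIGH:!DSS:!aNULL@STRENGTH'`, is added without a comment, and the same string is repeated in that patch's `lib/config.js` hunk, so nothing in the template tells an operator what the option controls or how to check what it enables. `HIGH` is resolved by whichever OpenSSL the Node binary links, and older OpenSSL releases, as far as I know, still count 3DES suites as `HIGH`; an explicit exclusion such as `'HIGH:!DSS:!aNULL:!3DES:@STRENGTH'` would make the default independent of that. The `@STRENGTH` item is also attached to `!aNULL` without the `:` separator the cipher-list syntax documents, which appears to parse but reads like a typo. A one-line comment above the key, e.g. `# OpenSSL cipher list for the HTTPS listener; preview with: openssl ciphers -v '<list>'`, would close the documentation gap. The `https:` block begins above the hunk.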
diff --git a/lib/config.js b/lib/config.js
index d0ed3c0b..fe3c0af7 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -44,7 +44,7 @@ var defaults = {
 passphrase: "",
 certfile: "localhost.cert",
 cafile: "",
- ciphers: "ALL:!RC4"
+ ciphers: "HIGH:!DSS:!aNULL@STRENGTH"
 },
 io: {
 domain: "http://localhost",
From 6138d3b7ff68bf9ec1fb8e62128ffaea57980703 Mon Sep 17 00:00:00 2001
From: bush
Date: Fri, 6 Mar 2015 21:59:34 +0000
Subject: [PATCH 3/4] Fixes for calzoneman <3
---
 lib/config.js | 2 +-
 lib/server.js | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/config.js b/lib/config.js
index fe3c0af7..72a8635a 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -44,7 +44,7 @@ var defaults = {
 passphrase: "",
 certfile: "localhost.cert",
 cafile: "",
- ciphers: "HIGH:!DSS:!aNULL@STRENGTH"
+ ciphers: "HIGH:!DSS:!aNULL@STRENGTH"
 },
 io: {
 domain: "http://localhost",
diff --git a/lib/server.js b/lib/server.js
index b83b91b9..9b7877ba 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -73,7 +73,8 @@ var Server = function () {
 cert: cert,
 passphrase: Config.get("https.passphrase"),
 ca: ca,
- ciphers: Config.get("https.ciphers")
+ ciphers: Config.get("https.ciphers"),
+ honorCipherOrder: true
 };
 Config.get("listen").forEach(function (bind) {
From fdf73b59088747df4020172288b0fd2b3b767f82 Mon Sep 17 00:00:00 2001
From: bush
Date: Fri, 6 Mar 2015 22:29:21 +0000
Subject: [PATCH 4/4] I gotta stop using the tab key
---
 lib/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/server.js b/lib/server.js
index 6fc4331c..01e93ff2 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -73,7 +73,7 @@ var Server = function () {
 cert: cert,
 passphrase: Config.get("https.passphrase"),
 ca: ca,
- ciphers: Config.get("https.ciphers"),
+ ciphers: Config.get("https.ciphers"),
 honorCipherOrder: true
 };
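Review bot: In the [PATCH 3/4] `lib/server.js` hunk, `honorCipherOrder: true` is hard-coded with no comment, yet it makes the order of `https.ciphers` authoritative for every handshake. The shipped default ends in `@STRENGTH`, which sorts by encryption key length only, so a static-RSA 256-bit suite ranks above an ECDHE 128-bit one and forward secrecy is not what the server prefers first; how much that matters depends on which suites the linked OpenSSL places in `HIGH`. I would add a comment on the new line, `// server preference wins: the order of https.ciphers decides the negotiated suite`, and consider reading the flag from config alongside the list. The options object and the enclosing `Server` function start and end outside the hunk.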