[shibboleth-sp2] 27/89: SSPCPP-641 - add ability to set SOAP cipher suites

Ferenc Wágner wferi at moszumanska.debian.org
Thu Sep 1 09:24:05 UTC 2016 

This is an automated email from the git hooks/post-receive script.

wferi pushed a commit to branch master
in repository shibboleth-sp2.

commit f7d7276491585a31135be0c271fb1a0b40afd09b
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Thu May 12 20:10:09 2016 -0400

    SSPCPP-641 - add ability to set SOAP cipher suites
    
    https://issues.shibboleth.net/jira/browse/SSPCPP-641
    
    Set a default cipher list.
---
 configs/example-shibboleth2.xml | 2 +-
 configs/shibboleth2.xml         | 3 ++-
 configs/win-shibboleth2.xml     | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/configs/example-shibboleth2.xml b/configs/example-shibboleth2.xml
index 944f8fa..48d65c4 100644
--- a/configs/example-shibboleth2.xml
+++ b/configs/example-shibboleth2.xml
@@ -95,7 +95,7 @@
                          REMOTE_USER="eppn persistent-id targeted-id"
                          metadataAttributePrefix="Meta-"
                          sessionHook="/Shibboleth.sso/AttrChecker"
-                         signing="conditional" encryption="conditional">
+                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
diff --git a/configs/shibboleth2.xml b/configs/shibboleth2.xml
index 44db35d..d1b0bf4 100644
--- a/configs/shibboleth2.xml
+++ b/configs/shibboleth2.xml
@@ -21,7 +21,8 @@
 
     <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
     <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
-                         REMOTE_USER="eppn persistent-id targeted-id">
+                         REMOTE_USER="eppn persistent-id targeted-id"
+                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
diff --git a/configs/win-shibboleth2.xml b/configs/win-shibboleth2.xml
index 000e2d9..66fcafd 100644
--- a/configs/win-shibboleth2.xml
+++ b/configs/win-shibboleth2.xml
@@ -64,7 +64,8 @@
     points into to this section (or to the defaults here).
     -->
     <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
-                         REMOTE_USER="eppn persistent-id targeted-id">
+                         REMOTE_USER="eppn persistent-id targeted-id"
+                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git

More information about the Pkg-shibboleth-devel mailing list