Commit a795a869 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner

Enforce more secure ciphers

parent 8182f719
......@@ -209,7 +209,7 @@ static bool uplink_connect_internal(struct uplink *uplink) {
}
close(sockets[1]);
close(errs[1]);
const char *remote = mem_pool_printf(loop_temp_pool(uplink->loop), "OPENSSL:%s:%s,cafile=/etc/ssl/ucollect.pem,compress=auto", uplink->remote_name, uplink->service);
const char *remote = mem_pool_printf(loop_temp_pool(uplink->loop), "OPENSSL:%s:%s,cafile=/etc/ssl/ucollect.pem,compress=auto,cipher=TLSv1:!MEDIUM:!LOW:!aNULL,", uplink->remote_name, uplink->service);
execlp("socat", "socat", "STDIO", remote, (char *) NULL);
die("Exec should never exit but it did: %s\n", strerror(errno));
}
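Review bot: The new socat address string ends in `!aNULL,`, and that trailing comma leaves an empty option after the cipher list, which socat may reject or silently ignore depending on the version; the string should end `cipher=TLSv1:!MEDIUM:!LOW:!aNULL"`. The list excludes only MEDIUM, LOW and aNULL, and on OpenSSL builds that still ship them the export-grade and eNULL suites are separate classes, so `:!EXPORT:!eNULL` is worth adding after checking the expansion with `openssl ciphers -v` on the target. As far as I can tell `cipher=` only selects suites and does not pin the protocol version, so a comment such as `/* cipher= restricts suites only; protocol version is whatever socat/OpenSSL negotiate */` would stop readers assuming otherwise. uplink_connect_internal starts and ends outside this hunk.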
......
......@@ -77,7 +77,7 @@ class Socat(protocol.ProcessProtocol):
def errReceived(self, data):
logging.warn('Socat complained: %s', data)
args = ['/usr/bin/socat', 'OPENSSL-LISTEN:' + str(master_config.getint('port')) + ',fork,backlog=50,key=' + master_config.get('key') + ',cert=' + master_config.get('cert') + ',verify=0,cipher=TLSv1,reuseaddr,pf=ip6', 'UNIX-CONNECT:./collect-master.sock']
args = ['/usr/bin/socat', 'OPENSSL-LISTEN:' + str(master_config.getint('port')) + ',fork,backlog=50,key=' + master_config.get('key') + ',cert=' + master_config.get('cert') + ',verify=0,cipher=TLSv1:!MEDIUM:!LOW:!aNULL,reuseaddr,pf=ip6,compress=auto', 'UNIX-CONNECT:./collect-master.sock']
logging.debug('Starting socat with: %s', args)
reactor.spawnProcess(Socat(), '/usr/bin/socat', args=args, env=os.environ)
endpoint.listen(ClientFactory(plugins))
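Review bot: The new `args` line turns on `compress=auto` for the listener in the same commit that tightens the cipher list, so both ends now negotiate TLS-level compression. Compressing before encryption lets ciphertext length leak information about the plaintext whenever attacker-influenced data shares a stream with secrets, so I would either drop the option on both sides or add a comment stating why that exposure does not apply to this protocol. `verify=0` is unchanged, meaning the listener still does not check client certificates; a comment such as `# verify=0: clients are authenticated at the application layer, not by TLS` would record the intent if that is the design. The cipher string is also duplicated between this file and the C client, so a shared constant or a cross-reference comment would keep the two from drifting. The surrounding module code continues outside the hunk.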
......