SSPCPP-641 - add ability to set SOAP cipher suites

[shibboleth/cpp-sp.git] / configs / shibboleth2.xml

diff --git a/configs/shibboleth2.xml b/configs/shibboleth2.xml
index 9a5798d..d1b0bf4 100644 (file)
--- a/configs/shibboleth2.xml
+++ b/configs/shibboleth2.xml
@@ -21,7 +21,8 @@
 
     <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
     <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
-                         REMOTE_USER="eppn persistent-id targeted-id">
+                         REMOTE_USER="eppn persistent-id targeted-id"
+                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
@@ -73,7 +74,7 @@
         <!-- Example of remotely supplied batch of signed metadata. -->
         <!--
         <MetadataProvider type="XML" validate="true"
-             uri="http://federation.org/federation-metadata.xml"
+             uri="http://example.org/federation-metadata.xml"
               backingFilePath="federation-metadata.xml" reloadInterval="7200">
             <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
             <MetadataFilter type="Signature" certificate="fedsigner.pem"/>