projects / shibboleth / cpp-sp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49d3c71)
SSPCPP-641 - add ability to set SOAP cipher suites
authorScott Cantor <cantor.2@osu.edu>
Fri, 13 May 2016 00:10:09 +0000 (20:10 -0400)
committerScott Cantor <cantor.2@osu.edu>
Fri, 13 May 2016 00:10:09 +0000 (20:10 -0400)
https://issues.shibboleth.net/jira/browse/SSPCPP-641

Set a default cipher list.

configs/example-shibboleth2.xml patch | blob | history
configs/shibboleth2.xml patch | blob | history
configs/win-shibboleth2.xml patch | blob | history

diff --git a/configs/example-shibboleth2.xml b/configs/example-shibboleth2.xml
index 944f8fa..48d65c4 100644 (file)
--- a/configs/example-shibboleth2.xml
+++ b/configs/example-shibboleth2.xml
@@ -95,7 +95,7 @@
                          REMOTE_USER="eppn persistent-id targeted-id"
                          metadataAttributePrefix="Meta-"
                          sessionHook="/Shibboleth.sso/AttrChecker"
-                         signing="conditional" encryption="conditional">
+                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
diff --git a/configs/shibboleth2.xml b/configs/shibboleth2.xml
index 44db35d..d1b0bf4 100644 (file)
--- a/configs/shibboleth2.xml
+++ b/configs/shibboleth2.xml
@@ -21,7 +21,8 @@
 
     <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
     <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
-                         REMOTE_USER="eppn persistent-id targeted-id">
+                         REMOTE_USER="eppn persistent-id targeted-id"
+                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
diff --git a/configs/win-shibboleth2.xml b/configs/win-shibboleth2.xml
index 000e2d9..66fcafd 100644 (file)
--- a/configs/win-shibboleth2.xml
+++ b/configs/win-shibboleth2.xml
@@ -64,7 +64,8 @@
     points into to this section (or to the defaults here).
     -->
     <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
-                         REMOTE_USER="eppn persistent-id targeted-id">
+                         REMOTE_USER="eppn persistent-id targeted-id"
+                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
Unnamed repository; edit this file 'description' to name the repository.