Revert "bmcweb: update SSL cipher suites to OWASP compatB"
This reverts commit 54fd221a9139f46c7c95b4a22cc09e6e7ce4cbbc.
Reason for revert: This breaks compatibility with Python automation running on Ubuntu 16.04, and regresses our ability to run the test harness. We suspect we need to run compat C by default, but let's revert for now to stabilize.
Change-Id: I4a01450836d917cd9558bc826c1877e629280850
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index fc088ad..32d7a73 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -352,23 +352,8 @@
std::string aesOnlyCiphers = "AES128+EECDH:AES128+EDH:!aNULL:!eNULL";
- // OWASP Cipher String 'B' (Broad compatibility to browsers)
- // https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet
- std::string owaspBroadCompatibility = "DHE-RSA-AES256-GCM-SHA384:"
- "DHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-RSA-AES128-GCM-SHA256:"
- "DHE-RSA-AES256-SHA256:"
- "DHE-RSA-AES128-SHA256:"
- "ECDHE-RSA-AES256-SHA384:"
- "ECDHE-RSA-AES128-SHA256:"
- "ECDHE-RSA-AES256-SHA:"
- "ECDHE-RSA-AES128-SHA:"
- "DHE-RSA-AES256-SHA:"
- "DHE-RSA-AES128-SHA";
-
if (SSL_CTX_set_cipher_list(mSslContext.native_handle(),
- owaspBroadCompatibility.c_str()) != 1)
+ mozillaCompatibilityCiphers.c_str()) != 1)
{
BMCWEB_LOG_ERROR << "Error setting cipher list\n";
}
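Review bot: A failed `SSL_CTX_set_cipher_list` call is only logged in the `!= 1` branch, so as far as this hunk shows, setup continues with whatever cipher list the context already had rather than the intended one. For a TLS listener that is a fail-open path; the branch should abort context setup instead of falling through, though how to do that depends on the enclosing function, which starts and ends outside the hunk. The definition of `mozillaCompatibilityCiphers` is also outside the hunk, so what the server now offers cannot be checked here. Because the revert is described as a temporary step for the Ubuntu 16.04 test clients, a call-site comment would keep that visible, e.g. `// Temporarily using the Mozilla compatibility list for legacy test clients; tighten once the harness is updated.`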