You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gm...@apache.org on 2017/11/28 16:34:11 UTC

qpid-dispatch git commit: DISPATCH-877 - Document new ciphers attribute. This closes #219

Repository: qpid-dispatch
Updated Branches:
  refs/heads/master 00d1ea220 -> 95c9463e2


DISPATCH-877 - Document new ciphers attribute. This closes #219


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/95c9463e
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/95c9463e
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/95c9463e

Branch: refs/heads/master
Commit: 95c9463e247a26d1b7374992d7826214c2805b5f
Parents: 00d1ea2
Author: Ben Hardesty <bh...@redhat.com>
Authored: Wed Nov 15 17:00:55 2017 -0500
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Tue Nov 28 11:33:26 2017 -0500

----------------------------------------------------------------------
 doc/new-book/configuration-security.adoc | 12 ++++++++++++
 1 file changed, 12 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/95c9463e/doc/new-book/configuration-security.adoc
----------------------------------------------------------------------
diff --git a/doc/new-book/configuration-security.adoc b/doc/new-book/configuration-security.adoc
index c59a35f..4df8d4a 100644
--- a/doc/new-book/configuration-security.adoc
+++ b/doc/new-book/configuration-security.adoc
@@ -49,6 +49,7 @@ You must have the following files in PEM format:
 ----
 sslProfile {
     name: _NAME_
+    ciphers: _CIPHERS_
     certDb: _PATH_.pem
     certFile: _PATH_.pem
     keyFile: _PATH_.pem
@@ -66,6 +67,17 @@ For example:
 name: router-ssl-profile
 ----
 
+`ciphers`:: The SSL cipher suites that can be used by this SSL/TLS profile. If certain ciphers are unsuitable for your environment, you can use this attribute to restrict them from being used.
++
+To enable a cipher list, enter one or more cipher strings separated by colons (`:`). For example:
++
+[options="nowrap"]
+----
+ciphers: ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
+----
++
+To see the full list of available ciphers, use the `openssl ciphers` command. For more information about each cipher, see the link:https://www.openssl.org/docs/manmaster/man1/ciphers.html[ciphers man page^].
+
 `certDb`:: The absolute path to the database that contains the public certificates of trusted certificate authorities (CA).
 +
 For example:


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org