You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/13 10:32:56 UTC

[6/9] git commit: updated refs/heads/4.5 to b79f13c

CS-17504: Weak SSL ciphers supported by the management server

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f947fad1
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f947fad1
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f947fad1

Branch: refs/heads/4.5
Commit: f947fad197f8ffde51231dc80733cf16aa2f1fa1
Parents: 19e3c01
Author: Harikrishna Patnala <ha...@citrix.com>
Authored: Tue Nov 4 17:47:04 2014 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 13:25:33 2015 +0530

----------------------------------------------------------------------
 client/tomcatconf/java.security.ciphers.in | 18 ++++++++++++++++++
 client/tomcatconf/tomcat6-nonssl.conf.in   |  2 +-
 client/tomcatconf/tomcat6-ssl.conf.in      |  2 +-
 debian/cloudstack-management.install       |  1 +
 packaging/centos63/cloud.spec              |  2 +-
 5 files changed, 22 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/client/tomcatconf/java.security.ciphers.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/java.security.ciphers.in b/client/tomcatconf/java.security.ciphers.in
new file mode 100644
index 0000000..986abf6
--- /dev/null
+++ b/client/tomcatconf/java.security.ciphers.in
@@ -0,0 +1,18 @@
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements.  See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership.  The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License.  You may obtain a copy of the License at
+ #
+ #   http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing,
+ # software distributed under the License is distributed on an
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ # KIND, either express or implied.  See the License for the
+ # specific language governing permissions and limitations
+ # under the License.
+
+jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/client/tomcatconf/tomcat6-nonssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-nonssl.conf.in b/client/tomcatconf/tomcat6-nonssl.conf.in
index 5ce724c..3f08c90 100644
--- a/client/tomcatconf/tomcat6-nonssl.conf.in
+++ b/client/tomcatconf/tomcat6-nonssl.conf.in
@@ -41,7 +41,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
 
 # Use JAVA_OPTS to set java.library.path for libtcnative.so
 #JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
 
 # What user should run tomcat
 TOMCAT_USER="@MSUSER@"

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/client/tomcatconf/tomcat6-ssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-ssl.conf.in b/client/tomcatconf/tomcat6-ssl.conf.in
index c967a98..e7c53ac 100644
--- a/client/tomcatconf/tomcat6-ssl.conf.in
+++ b/client/tomcatconf/tomcat6-ssl.conf.in
@@ -40,7 +40,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
 
 # Use JAVA_OPTS to set java.library.path for libtcnative.so
 #JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
 
 # What user should run tomcat
 TOMCAT_USER="@MSUSER@"

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/debian/cloudstack-management.install
----------------------------------------------------------------------
diff --git a/debian/cloudstack-management.install b/debian/cloudstack-management.install
index ea3f93b..4e016df 100644
--- a/debian/cloudstack-management.install
+++ b/debian/cloudstack-management.install
@@ -30,6 +30,7 @@
 /etc/cloudstack/management/tomcat6.conf
 /etc/cloudstack/management/web.xml
 /etc/cloudstack/management/environment.properties
+/etc/cloudstack/management/java.security.ciphers
 /etc/cloudstack/management/log4j-cloud.xml
 /etc/cloudstack/management/tomcat-users.xml
 /etc/cloudstack/management/context.xml

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f947fad1/packaging/centos63/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec
index 9c88383..9cca67d 100644
--- a/packaging/centos63/cloud.spec
+++ b/packaging/centos63/cloud.spec
@@ -294,7 +294,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
 rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
 
 for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf %{_serverxmlname}-ssl.xml %{_serverxmlname}-nonssl.xml \
-            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers; do
   mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
     ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
 done