TLS version 1.2 defined in documents #2378

Priit Tark 2015-06-15 13:12:53 +03:00
parent 301b561ed1
commit 64d8009446
3 changed files with 17 additions and 7 deletions

@ -1,3 +1,7 @@
15.06.2015
* Apache config update: now only TLSv1.2 allowed with whitelisted chipers, please review all SSL config parameters
08.06.2015 08.06.2015
* Add sk service name to application.yml * Add sk service name to application.yml
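
Review bot: "chipers" in the new 15.06.2015 entry should read "ciphers", and the entry asks operators to "review all SSL config parameters" without saying which ones changed. Naming the directives touched (SSLProtocol, SSLCompression, SSLCipherSuite) and stating that clients limited to TLS 1.0 or 1.1 will no longer be able to connect would let an operator judge the impact before reloading Apache.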

@ -97,9 +97,10 @@ For Apache, registry admin goes to port 443 in production, /etc/apache2/sites-en
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol TLSv1 SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEnginriteEngine on RewriteEnginriteEngine on
RedirectMatch ^/$ /admin RedirectMatch ^/$ /admin
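
Review bot: the trailing context line `RewriteEnginriteEngine on` in the registry admin block is not a valid directive name, and this sample is what the changelog tells operators to review and copy. The registrar and registrant blocks both carry `RewriteEngine on`, so correct this line in the same change; an operator pasting the block as documented would otherwise fail on the rewrite line before the new TLS settings are ever exercised.
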
@ -157,9 +158,10 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol TLSv1 SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEngine on RewriteEngine on
RedirectMatch ^/$ /registrar RedirectMatch ^/$ /registrar
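
Review bot: the new `SSLCipherSuite` value in the registrar block is wider than the GCM-only list its first two tokens suggest, because `AES256+EECDH` and `AES256+EDH` also match the CBC-mode AES-256 suites. If "whitelisted ciphers" in the changelog means AEAD only, drop the last two tokens; if the CBC suites are kept for client compatibility, say so next to the directive. The `EDH` entries also make the strength of the server's Diffie-Hellman parameters matter, and nothing in the documented config shows where those are set.
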
@ -240,9 +242,10 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol TLSv1 SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEngine on RewriteEngine on
RedirectMatch ^/$ /registrant RedirectMatch ^/$ /registrant
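
Review bot: this registrant block is the third verbatim copy of the same `SSLProtocol` / `SSLHonorCipherOrder` / `SSLCompression` / `SSLCipherSuite` lines, so the three vhost samples can drift apart the next time the policy changes. Consider documenting the TLS settings once and referring to that section from the registry admin, registrar and registrant configurations. A short verification step would also help here, for example confirming that a handshake offering only TLS 1.0 is refused after the reload.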

@ -1,6 +1,9 @@
# REPP integration specification # REPP integration specification
REPP uses currently Basic Authentication (http://tools.ietf.org/html/rfc2617#section-2) with ssl certificate and key. REPP uses HTTP/1.1 protocol (http://www.ietf.org/rfc/rfc2616.txt) and
Basic Authentication (http://tools.ietf.org/html/rfc2617#section-2) using
Secure Transport (https://tools.ietf.org/html/rfc5246) with certificate and key (https://tools.ietf.org/html/rfc5280).
Credentials and certificate are issued by EIS (in an exchange for desired API username, CSR and IP). Credentials and certificate are issued by EIS (in an exchange for desired API username, CSR and IP).
To quickly test the API, use curl: To quickly test the API, use curl:
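
Review bot: the rewritten opening sentence never names the required protocol version: "Secure Transport" links RFC 5246, but a reader has to follow the link to learn that TLS 1.2 is meant, which is the point of this commit. Suggest wording such as "over TLS 1.2 (RFC 5246)" and making "with certificate and key" explicit about whether a client certificate is required; the following line about EIS issuing a certificate in exchange for a CSR implies that it is. The RFC links also mix `http://www.ietf.org`, `http://tools.ietf.org` and `https://tools.ietf.org`; one form throughout would be tidier.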