zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-20 11:19:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

TLS version 1.2 defined in documents #2378

Browse source
This commit is contained in:
Priit Tark 2015-06-15 13:12:53 +03:00
parent 301b561ed1
commit 64d8009446
3 changed files with 17 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -1,3 +1,7 @@
15.06.2015
* Apache config update: now only TLSv1.2 allowed with whitelisted chipers, please review all SSL config parameters
08.06.2015
* Add sk service name to application.yml

15
README.md
View file

@ -97,9 +97,10 @@ For Apache, registry admin goes to port 443 in production, /etc/apache2/sites-en
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol TLSv1
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEnginriteEngine on
RedirectMatch ^/$ /admin
@ -157,9 +158,10 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol TLSv1
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEngine on
RedirectMatch ^/$ /registrar
@ -240,9 +242,10 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll
SSLCertificateChainFile /etc/ssl/certs/your-chain-fail.pem
SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLProtocol TLSv1
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
SSLCompression off
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
RewriteEngine on
RedirectMatch ^/$ /registrant

5
doc/repp-doc.md
View file

@ -1,6 +1,9 @@
# REPP integration specification
REPP uses currently Basic Authentication (http://tools.ietf.org/html/rfc2617#section-2) with ssl certificate and key.
REPP uses HTTP/1.1 protocol (http://www.ietf.org/rfc/rfc2616.txt) and
Basic Authentication (http://tools.ietf.org/html/rfc2617#section-2) using
Secure Transport (https://tools.ietf.org/html/rfc5246) with certificate and key (https://tools.ietf.org/html/rfc5280).
Credentials and certificate are issued by EIS (in an exchange for desired API username, CSR and IP).
To quickly test the API, use curl: