Remove deprecated verify.server for 9.0 #7040

Merged
merged 1 commit into from
Jul 24, 2020
16 changes: 0 additions & 16 deletions doc/admin-guide/files/records.config.en.rst
Expand Up @@ -3561,22 +3561,6 @@ Client-Related Configuration
:code:`ALL`
Check both the signature and the name.

.. ts:cv:: CONFIG proxy.config.ssl.client.verify.server INT 0
:reloadable:
:deprecated:

This setting has been deprecated and :ts:cv:`proxy.config.ssl.client.verify.server.policy` and
:ts:cv:`proxy.config.ssl.client.verify.server.properties` should be used instead.

Configures |TS| to verify the origin server certificate
with the Certificate Authority (CA). This configuration takes a value between 0 to 2.

You can override this global setting on a per domain basis in the :file:`sni.yaml` file using the :ref:`verify_origin_server attribute<override-verify-origin-server>`.

:0: Server Certificate will not be verified
:1: Certificate will be verified and the connection will not be established if verification fail
:2: The provided certificate will be verified and the connection will be established

.. ts:cv:: CONFIG proxy.config.ssl.client.cert.filename STRING NULL
:reloadable:
:overridable:
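Review bot: With the deprecated entry deleted, the admin guide no longer says how the old integer values translate, so an operator upgrading a records.config that still sets proxy.config.ssl.client.verify.server has nothing to look up. Please carry the mapping into the 9.0 upgrade notes: per the compatibility code removed from iocore/net/SSLConfig.cc in this same change, 0 was DISABLED, 1 was ENFORCED and 2 was PERMISSIVE, each with properties ALL. The order is worth spelling out because 1 and 2 are not in increasing strictness.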
5 changes: 0 additions & 5 deletions doc/admin-guide/files/sni.yaml.en.rst
Expand Up @@ -42,7 +42,6 @@ Each table is a set of key / value pairs that create a configuration item. This
wildcard entries. To apply an SNI based setting on all the server names with a common upper level domain name,
the user needs to enter the fqdn in the configuration with a ``*.`` followed by the common domain name. (``*.yahoo.com`` for example).

.. _override-verify-origin-server:
.. _override-verify-server-policy:
.. _override-verify-server-properties:
.. _override-host-sni-policy:
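Review bot: Dropping the `override-verify-origin-server` label is safe only if nothing else links to it. The one reference visible in this change is the `:ref:` in the records.config.en.rst paragraph removed above; please grep the rest of doc/ for the label so the Sphinx build does not pick up an undefined-reference warning.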
Expand All @@ -67,10 +66,6 @@ verify_server_properties One of the values :code:`NONE`, :code:`SIGNATURE`, :co
By default this is :ts:cv:`proxy.config.ssl.client.verify.server.properties`.
This controls what Traffic Server checks when evaluating the origin certificate.

verify_origin_server Deprecated. Use verify_server_policy and verify_server_properties instead.
One of the values :code:`NONE`, :code:`MODERATE`, or :code:`STRICT`.
By default this is :ts:cv:`proxy.config.ssl.client.verify.server`.

verify_client One of the values :code:`NONE`, :code:`MODERATE`, or :code:`STRICT`.
If ``NONE`` is specified, |TS| requests no certificate. If ``MODERATE`` is specified
|TS| will verify a certificate that is presented by the client, but it will not
Expand Up @@ -172,7 +172,6 @@ TSOverridableConfigKey Value Configuratio
:c:macro:`TS_CONFIG_SRV_ENABLED` :ts:cv:`proxy.config.srv_enabled`
:c:macro:`TS_CONFIG_SSL_CLIENT_CERT_FILENAME` :ts:cv:`proxy.config.ssl.client.cert.filename`
:c:macro:`TS_CONFIG_SSL_CERT_FILEPATH` :ts:cv:`proxy.config.ssl.client.cert.path`
:c:macro:`TS_CONFIG_SSL_CLIENT_VERIFY_SERVER` :ts:cv:`proxy.config.ssl.client.verify.server`
:c:macro:`TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES` :ts:cv:`proxy.config.ssl.client.verify.server.properties`
:c:macro:`TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY` :ts:cv:`proxy.config.ssl.client.verify.server.policy`
:c:macro:`TS_CONFIG_SSL_CLIENT_SNI_POLICY` :ts:cv:`proxy.config.ssl.client.sni_policy`
Expand All @@ -181,8 +180,6 @@ TSOverridableConfigKey Value Configuratio
:c:macro:`TS_CONFIG_URL_REMAP_PRISTINE_HOST_HDR` :ts:cv:`proxy.config.url_remap.pristine_host_hdr`
:c:macro:`TS_CONFIG_WEBSOCKET_ACTIVE_TIMEOUT` :ts:cv:`proxy.config.websocket.active_timeout`
:c:macro:`TS_CONFIG_WEBSOCKET_NO_ACTIVITY_TIMEOUT` :ts:cv:`proxy.config.websocket.no_activity_timeout`
:c:macro:`TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_POLICY` :ts:cv:`proxy.config.ssl.client.verify.server.policy`
:c:macro:`TS_CONFIG_SSL_CLIENT_VERIFY_SERVER_PROPERTIES` :ts:cv:`proxy.config.ssl.client.verify.server.properties`
:c:macro:`TS_CONFIG_SSL_CLIENT_CERT_FILENAME` :ts:cv:`proxy.config.ssl.client.cert.filename`
:c:macro:`TS_CONFIG_SSL_CLIENT_PRIVATE_KEY_FILENAME` :ts:cv:`proxy.config.ssl.client.private_key.filename`
:c:macro:`TS_CONFIG_SSL_CLIENT_CA_CERT_FILENAME` :ts:cv:`proxy.config.ssl.client.CA.cert.filename`
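Review bot: The duplicate clean-up here stops one row short. After removing the repeated VERIFY_SERVER_POLICY and VERIFY_SERVER_PROPERTIES rows, the TS_CONFIG_SSL_CLIENT_CERT_FILENAME row kept as context in this hunk still repeats the row already present in the previous hunk's context (next to TS_CONFIG_SSL_CERT_FILEPATH). Suggest deleting the second occurrence as well.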
103 changes: 28 additions & 75 deletions iocore/net/SSLConfig.cc
Expand Up @@ -354,82 +354,35 @@ SSLConfigParams::initialize()
// ++++++++++++++++++++++++ Client part ++++++++++++++++++++
client_verify_depth = 7;

// remove before 9.0.0 release
// Backwards compatibility if proxy.config.ssl.client.verify.server is explicitly set
RecSourceT source = REC_SOURCE_DEFAULT;
bool set_backwards_compatible = false;
if (RecGetRecordSource("proxy.config.ssl.client.verify.server", &source, false) == REC_ERR_OKAY) {
if (source != REC_SOURCE_DEFAULT && source != REC_SOURCE_NULL) {
int8_t verifyServer = 0;
REC_EstablishStaticConfigByte(verifyServer, "proxy.config.ssl.client.verify.server");
verifyServerProperties = YamlSNIConfig::Property::ALL_MASK;
switch (verifyServer) {
case 0:
verifyServerPolicy = YamlSNIConfig::Policy::DISABLED;
set_backwards_compatible = true;
break;
case 1:
verifyServerPolicy = YamlSNIConfig::Policy::ENFORCED;
set_backwards_compatible = true;
break;
case 2:
verifyServerPolicy = YamlSNIConfig::Policy::PERMISSIVE;
set_backwards_compatible = true;
break;
}
}
}

bool policy_default = true;
bool properties_default = true;
if (!set_backwards_compatible) {
policy_default = properties_default = false;
} else { // Only check for non-defaults if we have a backwards compatible situation
if (RecGetRecordSource("proxy.config.ssl.client.verify.server.policy", &source, false) == REC_ERR_OKAY &&
source != REC_SOURCE_DEFAULT && source != REC_SOURCE_NULL) {
policy_default = false;
}
if (RecGetRecordSource("proxy.config.ssl.client.verify.server.properties", &source, false) == REC_ERR_OKAY &&
source != REC_SOURCE_DEFAULT && source != REC_SOURCE_NULL) {
properties_default = false;
}
}

if (!set_backwards_compatible || !policy_default) {
char *verify_server = nullptr;
REC_ReadConfigStringAlloc(verify_server, "proxy.config.ssl.client.verify.server.policy");
if (strcmp(verify_server, "DISABLED") == 0) {
verifyServerPolicy = YamlSNIConfig::Policy::DISABLED;
} else if (strcmp(verify_server, "PERMISSIVE") == 0) {
verifyServerPolicy = YamlSNIConfig::Policy::PERMISSIVE;
} else if (strcmp(verify_server, "ENFORCED") == 0) {
verifyServerPolicy = YamlSNIConfig::Policy::ENFORCED;
} else {
Warning("%s is invalid for proxy.config.ssl.client.verify.server.policy. Should be one of DISABLED, PERMISSIVE, or ENFORCED",
verify_server);
verifyServerPolicy = YamlSNIConfig::Policy::DISABLED;
}
ats_free(verify_server);
}

if (!set_backwards_compatible || !properties_default) {
char *verify_server = nullptr;
REC_ReadConfigStringAlloc(verify_server, "proxy.config.ssl.client.verify.server.properties");
if (strcmp(verify_server, "SIGNATURE") == 0) {
verifyServerProperties = YamlSNIConfig::Property::SIGNATURE_MASK;
} else if (strcmp(verify_server, "NAME") == 0) {
verifyServerProperties = YamlSNIConfig::Property::NAME_MASK;
} else if (strcmp(verify_server, "ALL") == 0) {
verifyServerProperties = YamlSNIConfig::Property::ALL_MASK;
} else if (strcmp(verify_server, "NONE") == 0) {
verifyServerProperties = YamlSNIConfig::Property::NONE;
} else {
Warning("%s is invalid for proxy.config.ssl.client.verify.server.properties. Should be one of SIGNATURE, NAME, or ALL",
verify_server);
verifyServerProperties = YamlSNIConfig::Property::NONE;
}
ats_free(verify_server);
char *verify_server = nullptr;
REC_ReadConfigStringAlloc(verify_server, "proxy.config.ssl.client.verify.server.policy");
if (strcmp(verify_server, "DISABLED") == 0) {
verifyServerPolicy = YamlSNIConfig::Policy::DISABLED;
} else if (strcmp(verify_server, "PERMISSIVE") == 0) {
verifyServerPolicy = YamlSNIConfig::Policy::PERMISSIVE;
} else if (strcmp(verify_server, "ENFORCED") == 0) {
verifyServerPolicy = YamlSNIConfig::Policy::ENFORCED;
} else {
Warning("%s is invalid for proxy.config.ssl.client.verify.server.policy. Should be one of DISABLED, PERMISSIVE, or ENFORCED",
verify_server);
verifyServerPolicy = YamlSNIConfig::Policy::DISABLED;
}

REC_ReadConfigStringAlloc(verify_server, "proxy.config.ssl.client.verify.server.properties");
if (strcmp(verify_server, "SIGNATURE") == 0) {
verifyServerProperties = YamlSNIConfig::Property::SIGNATURE_MASK;
} else if (strcmp(verify_server, "NAME") == 0) {
verifyServerProperties = YamlSNIConfig::Property::NAME_MASK;
} else if (strcmp(verify_server, "ALL") == 0) {
verifyServerProperties = YamlSNIConfig::Property::ALL_MASK;
} else if (strcmp(verify_server, "NONE") == 0) {
verifyServerProperties = YamlSNIConfig::Property::NONE;
} else {
Warning("%s is invalid for proxy.config.ssl.client.verify.server.properties. Should be one of SIGNATURE, NAME, or ALL",
verify_server);
verifyServerProperties = YamlSNIConfig::Property::NONE;
}
ats_free(verify_server);

ssl_client_cert_filename = nullptr;
ssl_client_cert_path = nullptr;
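Review bot: The collapsed block leaks the first string. `verify_server` is filled by REC_ReadConfigStringAlloc for the policy record and then passed to REC_ReadConfigStringAlloc again for the properties record with no ats_free in between, so only the second allocation is released by the single ats_free at the end; the removed code freed each string in its own scope. Add ats_free(verify_server) after the policy if/else chain, or use two locals. Two smaller points in the same lines: an unrecognised policy string falls back to DISABLED and an unrecognised properties string to NONE, both weaker than the shipped defaults of PERMISSIVE and ALL in mgmt/RecordsConfig.cc, so a typo in records.config turns verification off with only a Warning; and the properties Warning lists SIGNATURE, NAME and ALL although NONE is also accepted.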
20 changes: 0 additions & 20 deletions iocore/net/YamlSNIConfig.cc
Expand Up @@ -99,7 +99,6 @@ std::set<std::string> valid_sni_config_keys = {TS_fqdn,
TS_tunnel_route,
TS_forward_route,
TS_partial_blind_route,
TS_verify_origin_server,
TS_verify_server_policy,
TS_verify_server_properties,
TS_client_cert,
Expand Down Expand Up @@ -166,25 +165,6 @@ template <> struct convert<YamlSNIConfig::Item> {
item.tls_upstream = true;
}

// remove before 9.0.0 release
// backwards compatibility
if (node[TS_verify_origin_server]) {
auto value = node[TS_verify_origin_server].as<std::string>();
YamlSNIConfig::Level level = static_cast<YamlSNIConfig::Level>(LEVEL_DESCRIPTOR.get(value));
item.verify_server_properties = YamlSNIConfig::Property::ALL_MASK;
switch (level) {
case YamlSNIConfig::Level::NONE:
item.verify_server_policy = YamlSNIConfig::Policy::DISABLED;
break;
case YamlSNIConfig::Level::MODERATE:
item.verify_server_policy = YamlSNIConfig::Policy::PERMISSIVE;
break;
case YamlSNIConfig::Level::STRICT:
item.verify_server_policy = YamlSNIConfig::Policy::ENFORCED;
break;
}
}

if (node[TS_verify_server_policy]) {
auto value = node[TS_verify_server_policy].as<std::string>();
int policy = POLICY_DESCRIPTOR.get(value);
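Review bot: Removing this block changes behaviour for any sni.yaml that still carries verify_origin_server, and that change needs to be loud. Previously STRICT forced ENFORCED with ALL_MASK for that server name; with the block gone and TS_verify_origin_server dropped from valid_sni_config_keys in the hunk above, the per-name override is no longer applied. Please confirm that a leftover key makes the sni.yaml load fail with a message that names verify_server_policy and verify_server_properties rather than being ignored, and add a test for it.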
2 changes: 0 additions & 2 deletions mgmt/RecordsConfig.cc
Expand Up @@ -1116,8 +1116,6 @@ static const RecordElement RecordsConfig[] =
,
{RECT_CONFIG, "proxy.config.ssl.CA.cert.path", RECD_STRING, TS_BUILD_SYSCONFDIR, RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
,
{RECT_CONFIG, "proxy.config.ssl.client.verify.server", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-2]", RECA_NULL}
,
{RECT_CONFIG, "proxy.config.ssl.client.verify.server.policy", RECD_STRING, "PERMISSIVE", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
,
{RECT_CONFIG, "proxy.config.ssl.client.verify.server.properties", RECD_STRING, "ALL", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
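Review bot: Deleting the record means a records.config that explicitly sets proxy.config.ssl.client.verify.server to 1 no longer yields ENFORCED; the effective policy becomes the PERMISSIVE default of the policy record kept as context below, unless the operator also sets proxy.config.ssl.client.verify.server.policy. Per the documentation removed in this change, that moves origin connections from "not established if verification fails" to "verified and established", which is a downgrade with no visible signal in these lines. Consider a startup Warning or Error when the old name is present in records.config, and call it out in the upgrade notes.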
1 change: 0 additions & 1 deletion tests/gold_tests/tls/tls.test.py
Expand Up @@ -65,7 +65,6 @@
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.exec_thread.autoconfig.scale': 1.0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
})
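Review bot: Removing `'proxy.config.ssl.client.verify.server': 0` without a replacement changes what this test runs under. The old value mapped to policy DISABLED; with it gone, the test instance uses the defaults from mgmt/RecordsConfig.cc, PERMISSIVE and ALL, so origin certificates are now verified (and failures tolerated) during the run. If the test is meant to run with origin verification off, set 'proxy.config.ssl.client.verify.server.policy': 'DISABLED' explicitly; if the new default is intended, say so in the commit message. The same applies to each of the tests/gold_tests/tls files below that drop this line.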
2 changes: 0 additions & 2 deletions tests/gold_tests/tls/tls_client_cert.test.py
Expand Up @@ -65,7 +65,6 @@
'proxy.config.diags.debug.tags': 'ssl_verify_test',
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.ssl.client.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.cert.filename': 'signed-foo.pem',
Expand Down Expand Up @@ -165,7 +164,6 @@
tr2.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.ssl.client.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.cert.filename': 'signed2-foo.pem',
1 change: 0 additions & 1 deletion tests/gold_tests/tls/tls_client_cert2.test.py
Expand Up @@ -64,7 +64,6 @@
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.exec_thread.autoconfig.scale': 1.0,
'proxy.config.url_remap.pristine_host_hdr': 1,
1 change: 0 additions & 1 deletion tests/gold_tests/tls/tls_client_cert_override.test.py
Expand Up @@ -60,7 +60,6 @@
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.ssl.client.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.cert.filename': 'signed-foo.pem',
1 change: 0 additions & 1 deletion tests/gold_tests/tls/tls_client_verify.test.py
Expand Up @@ -42,7 +42,6 @@
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.url_remap.pristine_host_hdr' : 1,
'proxy.config.ssl.client.certification_level': 2,
1 change: 0 additions & 1 deletion tests/gold_tests/tls/tls_client_verify2.test.py
Expand Up @@ -40,7 +40,6 @@
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.url_remap.pristine_host_hdr' : 1,
'proxy.config.ssl.client.certification_level': 0,
1 change: 0 additions & 1 deletion tests/gold_tests/tls/tls_engine.test.py
Expand Up @@ -56,7 +56,6 @@
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.exec_thread.autoconfig.scale': 1.0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.ssl.engine.conf_file': '{0}/ts/config/load_engine.cnf'.format(Test.RunDirectory),
1 change: 0 additions & 1 deletion tests/gold_tests/tls/tls_session_cache.test.py
Expand Up @@ -46,7 +46,6 @@
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.exec_thread.autoconfig.scale': 1.0,
'proxy.config.ssl.session_cache': 2,
2 changes: 0 additions & 2 deletions tests/gold_tests/tls/tls_ticket.test.py
Expand Up @@ -55,7 +55,6 @@
ts.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.exec_thread.autoconfig.scale': 1.0,
'proxy.config.ssl.server.session_ticket.enable': '1',
Expand All @@ -64,7 +63,6 @@
ts2.Disk.records_config.update({
'proxy.config.ssl.server.cert.path': '{0}'.format(ts2.Variables.SSLDir),
'proxy.config.ssl.server.private_key.path': '{0}'.format(ts2.Variables.SSLDir),
'proxy.config.ssl.client.verify.server': 0,
'proxy.config.ssl.server.cipher_suite': 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
'proxy.config.ssl.server.session_ticket.enable': '1',
'proxy.config.exec_thread.autoconfig.scale': 1.0,