Attachment #8934 for bug #40998

(-)a/management/univention-management-console/debian/univention-management-console-server.univention-config-registry-variables (+6 lines)

Lines 51-53 Description[de]=Die Variable deaktiviert die Sicherheitsspezifischen Restriktion	Link Here

Description[en]=This variable deactivates the security related restrictions against XSRF attacks in the UMC-Server. This is necessary for UCS 4.1 systems in the domain to communicate with UCS 4.2 systems.

Description[en]=This variable deactivates the security related restrictions against XSRF attacks in the UMC-Server. This is necessary for UCS 4.1 systems in the domain to communicate with UCS 4.2 systems.

Type=bool

Type=bool

Categories=management-umc

Categories=management-umc

[umc/server/ssl/ciphers]

Description[de]=Diese Variable spezifiziert die SSL Cipher Liste, die für SSL Verbindungen akzeptiert und genutzt wird.

Description[en]=This variable specifies the SSL cipher list which is accepted and used for ssl connections.

Type=str

Categories=management-umc

(-)a/management/univention-management-console/src/univention/management/console/protocol/client.py (-2 / +5 lines)

Lines 42-47	Link Here

from .message import Request, Response, IncompleteMessageError, ParseError

from .message import Request, Response, IncompleteMessageError, ParseError

from .definitions import RECV_BUFFER_SIZE, BAD_REQUEST_AUTH_FAILED, SUCCESS, status_description

from .definitions import RECV_BUFFER_SIZE, BAD_REQUEST_AUTH_FAILED, SUCCESS, status_description

from ..log import CORE, PROTOCOL

from ..log import CORE, PROTOCOL

from ..config import ucr

from OpenSSL import SSL

from OpenSSL import SSL

import notifier

import notifier

Lines 97-104 def __init__(self, servername='localhost', port=6670, unix=None, ssl=True):	Link Here

		self.__ssl = ssl

		self.__ssl = ssl

		self.__unix = unix

		self.__unix = unix

		if self.__ssl and not self.__unix:

100

		if self.__ssl and not self.__unix:

100

			self.__crypto_context = SSL.Context(SSL.SSLv23_METHOD)

101

			self.__crypto_context = SSL.Context(SSL.TLSv1_METHOD)

101

			self.__crypto_context.set_cipher_list('DEFAULT')

102

			self.__crypto_context.set_cipher_list(ucr.get('umc/server/ssl/ciphers', 'DEFAULT'))

103

			self.__crypto_context.set_options(SSL.OP_NO_SSLv2)

104

			self.__crypto_context.set_options(SSL.OP_NO_SSLv3)

102

			self.__crypto_context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, self.__verify_cert_cb)

105

			self.__crypto_context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, self.__verify_cert_cb)

103

			try:

106

			try:

104

				self.__crypto_context.load_verify_locations(os.path.join('/etc/univention/ssl/ucsCA', 'CAcert.pem'))

107

				self.__crypto_context.load_verify_locations(os.path.join('/etc/univention/ssl/ucsCA', 'CAcert.pem'))

(-)a/management/univention-management-console/src/univention/management/console/protocol/server.py (-2 / +3 lines)

Lines 275-283 def __init__(self, port=6670, ssl=True, unix=None, magic=True, magicClass=MagicB	Link Here

275

276

		if self.__ssl and not self.__unix:

276

		if self.__ssl and not self.__unix:

277

			CORE.info('Setting up SSL configuration')

277

			CORE.info('Setting up SSL configuration')

278

			self.crypto_context = SSL.Context(SSL.SSLv23_METHOD)

278

			self.crypto_context = SSL.Context(SSL.TLSv1_METHOD)

279

			self.crypto_context.set_cipher_list('DEFAULT')

279

			self.crypto_context.set_cipher_list(ucr.get('umc/server/ssl/ciphers', 'DEFAULT'))

280

			self.crypto_context.set_options(SSL.OP_NO_SSLv2)

280

			self.crypto_context.set_options(SSL.OP_NO_SSLv2)

281

			self.crypto_context.set_options(SSL.OP_NO_SSLv3)

281

			self.crypto_context.set_verify(SSL.VERIFY_PEER, self.__verify_cert_cb)

282

			self.crypto_context.set_verify(SSL.VERIFY_PEER, self.__verify_cert_cb)

282

			dir = '/etc/univention/ssl/%s.%s' % (ucr['hostname'], ucr['domainname'])

283

			dir = '/etc/univention/ssl/%s.%s' % (ucr['hostname'], ucr['domainname'])

283

			try:

284

			try:

Return to bug 40998