p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove RC4 from the list of registry cipher suites

Browse Source 
The registry client's TLS configuration used the
default cipher list, including RC4. This change
copies the default cipher list from Golang 1.4 and
removes RC4 from that list. RC4 ciphers are considered
weak and vulnerable to a number of attacks.

Uses the tlsconfig package to define allowed ciphers.

Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 37846bff586e6f3d6bf35b66cce560ce4c57a619
Component: engine
This commit is contained in:
Eric Windisch
2015-06-10 13:37:31 -04:00
parent c791ee6a21
commit ac53859fd9
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/engine/registry/registry.go
View File

@ -20,6 +20,7 @@ import (
"github.com/docker/docker/autogen/dockerversion"
"github.com/docker/docker/pkg/parsers/kernel"
"github.com/docker/docker/pkg/timeoutconn"
"github.com/docker/docker/pkg/tlsconfig"
"github.com/docker/docker/pkg/transport"
"github.com/docker/docker/pkg/useragent"
)
@ -141,6 +142,7 @@ func NewTransport(timeout TimeoutType, secure bool) http.RoundTripper {
// Avoid fallback to SSL protocols < TLS1.0
MinVersion: tls.VersionTLS10,
InsecureSkipVerify: !secure,
CipherSuites: tlsconfig.DefaultServerAcceptedCiphers,
}
tr := &http.Transport{