aboutsummaryrefslogtreecommitdiffstats
path: root/sonar-application
diff options
context:
space:
mode:
authorSimon Brandhof <simon.brandhof@sonarsource.com>2015-02-04 11:05:39 +0100
committerSimon Brandhof <simon.brandhof@sonarsource.com>2015-02-04 11:05:51 +0100
commitbd22041edd9715212bc1c5a92eed393af80de95f (patch)
treebfcba55454a5449517a491c4bc2cb4a82f5f0013 /sonar-application
parentd17a1224ec3140ec939c36a5e939a2c04e5fc741 (diff)
downloadsonarqube-bd22041edd9715212bc1c5a92eed393af80de95f.tar.gz
sonarqube-bd22041edd9715212bc1c5a92eed393af80de95f.zip
SONAR-6140 use JVM ciphers by default
Diffstat (limited to 'sonar-application')
-rw-r--r--sonar-application/src/main/assembly/conf/sonar.properties12
1 files changed, 9 insertions, 3 deletions
diff --git a/sonar-application/src/main/assembly/conf/sonar.properties b/sonar-application/src/main/assembly/conf/sonar.properties
index abc68188936..53fb2cfb207 100644
--- a/sonar-application/src/main/assembly/conf/sonar.properties
+++ b/sonar-application/src/main/assembly/conf/sonar.properties
@@ -102,6 +102,13 @@
# TCP port for incoming HTTP connections. Disabled when value is -1.
#sonar.web.port=9000
+
+# Recommendation for HTTPS
+# SonarQube natively supports HTTPS. However using a reverse proxy
+# infrastructure is the recommended way to set up your SonarQube installation
+# on production environments which need to be highly secured.
+# This allows to fully master all the security parameters that you want.
+
# TCP port for incoming HTTPS connections. Disabled when value is -1 (default).
#sonar.web.https.port=-1
@@ -156,11 +163,10 @@
# HTTPS - comma separated list of encryption ciphers to support for HTTPS connections.
# If specified, only the ciphers that are listed and supported by the SSL implementation will be used.
+# By default, the default ciphers for the JVM will be used. Note that this usually means that the weak
+# export grade ciphers, for instance RC4, will be included in the list of available ciphers.
# The ciphers are specified using the JSSE cipher naming convention (see
# https://www.openssl.org/docs/apps/ciphers.html)
-# By default, the Mozilla recommendations are followed (Intermediate Compatibility). See
-# https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
-#
# Example: sonar.web.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#sonar.web.https.ciphers=