import re
# Remove any existing SSL configuration whose listing line mentions
# TestSSLConfiguration, so that the create call later in this script does
# not collide with a leftover from an earlier run.
# NOTE(review): the match is a substring test on the whole listing line, so
# any line containing "TestSSLConfiguration" is acted on, and deleteSSLConfig
# is called without -scopeName although the configuration is created with an
# explicit scope -- confirm both are intended.
print "Deleting TestSSLConfiguration if exists"
for configLine in AdminTask.listSSLConfigs().splitlines():
    # str.find is kept (rather than the "in" operator) so the script also
    # runs on the older Jython levels bundled with wsadmin.
    if configLine.find("TestSSLConfiguration") != -1:
        print "Deleting TestSSLConfiguration"
        # The alias is taken as the second space-separated token of the line.
        alias = configLine.split(" ")[1]
        AdminTask.deleteSSLConfig('-alias ' + alias)
        AdminConfig.save()
        print "Deleted %s" % alias
    else:
        print " "
print " "
# Create the JSSE SSL configuration under the (cell):node01:(node):node01
# scope, using the key store named NodeDefaultKeyStore.
# NOTE(review): -trustStoreName is also NodeDefaultKeyStore, so the key store
# doubles as the trust store; WebSphere normally provides a separate
# NodeDefaultTrustStore -- confirm this is deliberate.
print "Creating TestSSLConfiguration"
nodeScope = '(cell):node01:(node):node01'
createArgs = ' '.join([
    '-alias TestSSLConfiguration',
    '-type JSSE',
    '-scopeName ' + nodeScope,
    '-keyStoreName NodeDefaultKeyStore',
    '-keyStoreScopeName ' + nodeScope,
    '-trustStoreName NodeDefaultKeyStore',
    '-trustStoreScopeName ' + nodeScope,
])
AdminTask.createSSLConfig('[' + createArgs + ' ]')
AdminConfig.save()
print "Created TestSSLConfiguration"
print " "

# Set the handshake protocol of the new configuration to TLSv1.2.
print "Changing sslProtocol to TLSv1.2 for TestSSLConfiguration"
protocolArgs = '[-alias TestSSLConfiguration -sslProtocol TLSv1.2]'
AdminTask.modifySSLConfig(protocolArgs)
AdminConfig.save()
print "Changed sslProtocol to TLSv1.2 in TestSSLConfiguration"
print " "
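# Switch the configuration to the CUSTOM security level and enable an
# explicit cipher-suite list.
# The original list also enabled SSL_DHE_DSS_WITH_RC4_128_SHA and four
# 3DES suites (SSL_RSA_WITH_3DES_EDE_CBC_SHA,
# SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
# SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA). They are left out here: RC4 is
# prohibited for TLS by RFC 7465, and 3DES has a 64-bit block size, which
# makes it unsuitable for long-lived connections. Every TLSv1.2 peer has an
# AES suite to negotiate instead.
# NOTE(review): the remaining CBC/SHA-1 and static-RSA suites are kept for
# compatibility; if all peers support them, prefer the GCM suites only.
print "Changing Ciphers for TestSSLConfiguration"
enabledCiphers = ' '.join([
    'SSL_RSA_WITH_AES_128_CBC_SHA',
    'SSL_DHE_RSA_WITH_AES_128_CBC_SHA',
    'SSL_DHE_DSS_WITH_AES_128_CBC_SHA',
    'SSL_RSA_WITH_AES_128_GCM_SHA256',
    'SSL_RSA_WITH_AES_128_CBC_SHA256',
    'SSL_DHE_RSA_WITH_AES_128_GCM_SHA256',
    'SSL_DHE_RSA_WITH_AES_128_CBC_SHA256',
    'SSL_DHE_DSS_WITH_AES_128_GCM_SHA256',
    'SSL_DHE_DSS_WITH_AES_128_CBC_SHA256',
])
AdminTask.modifySSLConfig(
    '[-alias TestSSLConfiguration -securityLevel CUSTOM -enabledCiphers "'
    + enabledCiphers + '"]')
AdminConfig.save()
print "Changed Ciphers in TestSSLConfiguration"
print " "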
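# Point the SSL_2 inbound channel of server1 at TestSSLConfiguration.
# The success message is printed only when a channel was actually modified;
# otherwise the channel would silently keep its previous SSL settings while
# the script reported the change as done.
print "Changing sslConfiguration for SSL_2"
server = AdminConfig.getid('/Cell:node01/Node:node01/Server:server1/')
Channel_Name = []
# getid returns an empty string when the path matches nothing; do not list
# channels with an unresolved scope.
if server:
    Channel_Name = AdminConfig.list("SSLInboundChannel", server).splitlines()
changed = 0
for channel_name in Channel_Name:
    # Substring match on the configuration id, as in the original script.
    if channel_name.find("SSL_2") != -1:
        AdminConfig.modify(channel_name, '[[sslConfigAlias TestSSLConfiguration]]')
        AdminConfig.save()
        changed = changed + 1
if changed:
    print "sslConfiguration changed for SSL_2"
else:
    print "No SSL_2 inbound channel found on server1; sslConfiguration not changed"
print " "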
# Remove any existing SSL configuration whose listing line mentions
# TestSSLConfiguration, so that the create call that follows does not
# collide with a leftover from an earlier run.
# NOTE(review): the match is a substring test on the whole listing line, so
# any line containing "TestSSLConfiguration" is acted on, and deleteSSLConfig
# is called without -scopeName although the configuration is created with an
# explicit scope -- confirm both are intended.
print "Deleting TestSSLConfiguration if exists"
for configLine in AdminTask.listSSLConfigs().splitlines():
    # str.find is kept (rather than the "in" operator) so the script also
    # runs on the older Jython levels bundled with wsadmin.
    if configLine.find("TestSSLConfiguration") != -1:
        print "Deleting TestSSLConfiguration"
        # The alias is taken as the second space-separated token of the line.
        alias = configLine.split(" ")[1]
        AdminTask.deleteSSLConfig('-alias ' + alias)
        AdminConfig.save()
        print "Deleted %s" % alias
    else:
        print " "
print " "
# Create the JSSE SSL configuration under the (cell):node01:(node):node01
# scope, using the key store named NodeDefaultKeyStore.
# NOTE(review): -trustStoreName is also NodeDefaultKeyStore, so the key store
# doubles as the trust store; WebSphere normally provides a separate
# NodeDefaultTrustStore -- confirm this is deliberate.
print "Creating TestSSLConfiguration"
nodeScope = '(cell):node01:(node):node01'
createArgs = ' '.join([
    '-alias TestSSLConfiguration',
    '-type JSSE',
    '-scopeName ' + nodeScope,
    '-keyStoreName NodeDefaultKeyStore',
    '-keyStoreScopeName ' + nodeScope,
    '-trustStoreName NodeDefaultKeyStore',
    '-trustStoreScopeName ' + nodeScope,
])
AdminTask.createSSLConfig('[' + createArgs + ' ]')
AdminConfig.save()
print "Created TestSSLConfiguration"
print " "

# Set the handshake protocol of the new configuration to TLSv1.2.
print "Changing sslProtocol to TLSv1.2 for TestSSLConfiguration"
protocolArgs = '[-alias TestSSLConfiguration -sslProtocol TLSv1.2]'
AdminTask.modifySSLConfig(protocolArgs)
AdminConfig.save()
print "Changed sslProtocol to TLSv1.2 in TestSSLConfiguration"
print " "
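# Switch the configuration to the CUSTOM security level and enable an
# explicit cipher-suite list.
# The original list also enabled SSL_DHE_DSS_WITH_RC4_128_SHA and four
# 3DES suites (SSL_RSA_WITH_3DES_EDE_CBC_SHA,
# SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
# SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA). They are left out here: RC4 is
# prohibited for TLS by RFC 7465, and 3DES has a 64-bit block size, which
# makes it unsuitable for long-lived connections. Every TLSv1.2 peer has an
# AES suite to negotiate instead.
# NOTE(review): the remaining CBC/SHA-1 and static-RSA suites are kept for
# compatibility; if all peers support them, prefer the GCM suites only.
print "Changing Ciphers for TestSSLConfiguration"
enabledCiphers = ' '.join([
    'SSL_RSA_WITH_AES_128_CBC_SHA',
    'SSL_DHE_RSA_WITH_AES_128_CBC_SHA',
    'SSL_DHE_DSS_WITH_AES_128_CBC_SHA',
    'SSL_RSA_WITH_AES_128_GCM_SHA256',
    'SSL_RSA_WITH_AES_128_CBC_SHA256',
    'SSL_DHE_RSA_WITH_AES_128_GCM_SHA256',
    'SSL_DHE_RSA_WITH_AES_128_CBC_SHA256',
    'SSL_DHE_DSS_WITH_AES_128_GCM_SHA256',
    'SSL_DHE_DSS_WITH_AES_128_CBC_SHA256',
])
AdminTask.modifySSLConfig(
    '[-alias TestSSLConfiguration -securityLevel CUSTOM -enabledCiphers "'
    + enabledCiphers + '"]')
AdminConfig.save()
print "Changed Ciphers in TestSSLConfiguration"
print " "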
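# Point the SSL_2 inbound channel of server1 at TestSSLConfiguration.
# The success message is printed only when a channel was actually modified;
# otherwise the channel would silently keep its previous SSL settings while
# the script reported the change as done.
print "Changing sslConfiguration for SSL_2"
server = AdminConfig.getid('/Cell:node01/Node:node01/Server:server1/')
Channel_Name = []
# getid returns an empty string when the path matches nothing; do not list
# channels with an unresolved scope.
if server:
    Channel_Name = AdminConfig.list("SSLInboundChannel", server).splitlines()
changed = 0
for channel_name in Channel_Name:
    # Substring match on the configuration id, as in the original script.
    if channel_name.find("SSL_2") != -1:
        AdminConfig.modify(channel_name, '[[sslConfigAlias TestSSLConfiguration]]')
        AdminConfig.save()
        changed = changed + 1
if changed:
    print "sslConfiguration changed for SSL_2"
else:
    print "No SSL_2 inbound channel found on server1; sslConfiguration not changed"
print " "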