mirror of https://github.com/openkmip/pykmip synced 2025-12-05 23:53:19 +00:00

Adding custom TLS cipher suite config option

This change adds a server configuration option, tls_cipher_suites,
allowing the server admin to specify a list of cipher suites to be
used when establishing TLS connections with clients. The custom
list supports both cipher suite specification and OpenSSL suite
naming conventions. The list is filtered through a KMIP-approved
set of cipher suites, and then through a set of cipher suites
suitable for the configured authentication suite. Additional debug
logging has been added to the server to provide transparency on
this process.
Peter Hamilton
2017-09-15 13:07:00 -04:00
parent c3696a9877
commit ee857ca4a3
9 changed files with 520 additions and 67 deletions

@@ -158,6 +158,17 @@ class KmipSession(threading.Thread):
max_size = self._max_response_size
try:
shared_ciphers = self._connection.shared_ciphers()
self._logger.debug(
"Possible session ciphers: {0}".format(len(shared_ciphers))
)
for cipher in shared_ciphers:
self._logger.debug(cipher)
self._logger.debug(
"Session cipher selected: {0}".format(
self._connection.cipher()
)
)
client_identity = self._get_client_identity()
request.read(request_data)
except Exception as e:
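
Review bot: the added logging at the top of the `try` assumes `self._connection.shared_ciphers()` always returns a list, but `ssl.SSLSocket.shared_ciphers()` can return `None`, in which case `len(shared_ciphers)` raises `TypeError`. Because these lines sit inside the `try`, that error falls into the `except Exception as e:` branch before `_get_client_identity()` and `request.read(request_data)` run, so a failure in debug logging would be handled as a failed request. Suggest guarding with `if shared_ciphers:` or moving the cipher logging outside the `try`. As a smaller point, the per-cipher `self._logger.debug(cipher)` loop emits one record per suite on every message handled; logging the whole list in a single record, or only once per session, would keep the debug output readable.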