Index: /branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c =================================================================== --- /branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (revision 40150) +++ /branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (working copy) @@ -26654,25 +26654,25 @@ found_tlsv13_cipher++; } if ( ciphers[TLS13_AES128_GCM_SHA256_TYPE].count ) { - if ( found_tls12_cipher >= 1) + if ( found_tlsv13_cipher >= 1) printf(", "); printf("%s", ciphers[TLS13_AES128_GCM_SHA256_TYPE].name); found_tlsv13_cipher++; } if ( ciphers[TLS13_CHACHA20_POLY1305_SHA256_TYPE].count) { - if ( found_tls12_cipher >= 1) + if ( found_tlsv13_cipher >= 1) printf(", "); printf("%s", ciphers[TLS13_CHACHA20_POLY1305_SHA256_TYPE].name); found_tlsv13_cipher++; } if ( ciphers[TLS13_AES_128_CCM_8_SHA256_TYPE].count ) { - if ( found_tls12_cipher >= 1) + if ( found_tlsv13_cipher >= 1) printf(", "); printf("%s", ciphers[TLS13_AES_128_CCM_8_SHA256_TYPE].name); found_tlsv13_cipher++; } if ( ciphers[TLS13_AES128_CCM_SHA256_TYPE].count ) { - if ( found_tls12_cipher >= 1) + if ( found_tlsv13_cipher >= 1) printf(", "); printf("%s", ciphers[TLS13_AES128_CCM_SHA256_TYPE].name); found_tlsv13_cipher++; Index: /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/loadbalancing/slb/ssl/virtual.py =================================================================== --- /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/loadbalancing/slb/ssl/virtual.py (revision 40150) +++ /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/loadbalancing/slb/ssl/virtual.py (working copy) @@ -781,7 +781,7 @@ 'defaction': result2[1][0] if result2[1] else '0', 'key_cert_status': result3 + '\n'+ result4, } - + @UpdatingFields(['session_reuse', 'renegotiation', 'protocol']) def _update_settings(self, instance): self.cli.set_config() @@ -869,7 +869,7 @@ result = "" if 'snmp_oid_idx' in output and output: result = int(output['snmp_oid_idx']) - + return result @UpdatingFields(['snmp_oid_idx']) @@ -921,9 +921,9 @@ self.cli.set_enable() result = self.cli.cmd('show ssl settings "%s"' % pk_dict['name'], RegexParser('Ciphersuite : (.*)', MATCHONE)) - + output = result[0].split(':!SSLv2')[0].split(':') - + data = [] for each in output: data.append({'cipher_suite':each+' ('+cipher_id[each]+')'}) @@ -936,22 +936,26 @@ cipher_suites = '' if not new_values: raise ModelQueryException(CLICmdError(__('Cannot disable all cipher suites at the same time.'))) - + for each in new_values: cipher_suites += each['cipher_suite'].split(' (')[0]+':' cipher_suites += '!SSLv2' - self.cli.cmd('ssl settings ciphersuite "%s" "%s"' % (instance.name, cipher_suites), - RegexParser('is not supported by the currently active RSA certificate', match_exception=CLICmdError, match_msg=__('This ciphersuite is not supported by the currently active RSA certificate.')), - RegexParser('Please make the supported SSL version and cipher suites consistent.', match_exception=CLICmdWarning, exclusive=True), - BlankParser(nonblank_exception=CLICmdError, supplement=True)) - + result = self.cli.cmd('ssl settings ciphersuite "%s" "%s"' % (instance.name, cipher_suites)) + if "is not supported by the currently active RSA certificate" in result: + cli_parse(result, RegexParser('is not supported by the currently active RSA certificate', match_exception=CLICmdError, match_msg=__('This ciphersuite is not supported by the currently active RSA certificate.'))) + if "Please make the supported SSL version match the cipher suites" in result: + if not hasattr(instance, 'has_update_protocol') or not instance.has_update_protocol: + cli_parse(result, RegexParser('Please make the supported SSL version match the cipher suites', match_exception=CLICmdWarning, exclusive=True)) + elif result: + cli_parse(result, BlankParser(nonblank_exception=CLICmdError, supplement=True)) + def _get_signalgo(self,pk_dict): self.cli.set_enable() result = self.cli.cmd('show ssl settings "%s"' % pk_dict['name'], RegexParser('Signature Algorithms for Server Key Exchange Messages: (.*)', MATCHONE)) - + output = result[0].split(':') if result else [] - + data = [] for each in output: data.append({'signalgo':each}) @@ -964,7 +968,7 @@ signalgos = '' if not new_values: raise ModelQueryException(CLICmdError(__('Please select at least one signature algorithm.'))) - + for each in new_values: if 'signalgo' in each: signalgos += each['signalgo']+':' @@ -975,9 +979,9 @@ self.cli.set_enable() result = self.cli.cmd('show ssl settings "%s"' % pk_dict['name'], RegexParser('Elliptic Curves: (.*)', MATCHONE)) - + output = result[0].split(':') if result else [] - + data = [] for each in output: data.append({'curves':each}) @@ -990,20 +994,20 @@ curves = '' if not new_values: raise ModelQueryException(CLICmdError(__('Please select at least one elliptic curve.'))) - + for each in new_values: if 'curves' in each: curves += each['curves']+':' self.cli.cmd('ssl settings curves "%s" "%s"' % (instance.name, curves.rstrip(':')), BlankParser(nonblank_exception=CLICmdError, supplement=True)) - + def _get_signalgo_client(self,pk_dict): self.cli.set_enable() result = self.cli.cmd('show ssl settings "%s"' % pk_dict['name'], RegexParser('Signature Algorithms for Client Certificate Request Messages: (.*)', MATCHONE)) - + output = result[0].split(':') if result else [] - + data = [] for each in output: data.append({'signalgo_client':each}) @@ -1016,7 +1020,7 @@ signalgo_clients = '' if not new_values: raise ModelQueryException(CLICmdError(__('Please select at least one signature algorithm.'))) - + for each in new_values: if 'signalgo_client' in each: signalgo_clients += each['signalgo_client']+':' @@ -1027,9 +1031,9 @@ self.cli.set_enable() result = self.cli.cmd('show ssl settings "%s"' % pk_dict['name'], RegexParser('TLSv13 Signature Algorithms for Client Certificate Request Messages: (.*)', MATCHONE)) - + output = result[0].split(':') if result else [] - + data = [] for each in output: data.append({'tlsv13_cert_req':each}) @@ -1042,7 +1046,7 @@ tlsv13_cert_req = '' if not new_values: raise ModelQueryException(CLICmdError(__('Please select at least one signature algorithm.'))) - + for each in new_values: if 'tlsv13_cert_req' in each: tlsv13_cert_req += each['tlsv13_cert_req']+':' @@ -1053,9 +1057,9 @@ self.cli.set_enable() result = self.cli.cmd('show ssl settings "%s"' % pk_dict['name'], RegexParser('TLSv13 Signature Algorithms for Certificate Verify Messages: (.*)', MATCHONE)) - + output = result[0].split(':') if result else [] - + data = [] for each in output: data.append({'tlsv13_cert_verify':each}) @@ -1068,13 +1072,13 @@ tlsv13_cert_verify = '' if not new_values: raise ModelQueryException(CLICmdError(__('Please select at least one signature algorithm.'))) - + for each in new_values: if 'tlsv13_cert_verify' in each: tlsv13_cert_verify += each['tlsv13_cert_verify']+':' self.cli.cmd('ssl settings tlsv13 signalgo certverify "%s" "%s"' % (instance.name, tlsv13_cert_verify.rstrip(':')), BlankParser(nonblank_exception=CLICmdError, supplement=True)) - + def _update_vs(self, instance, old_values): new_values = instance.vs self.cli.set_config() Index: /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/model/ajax.py =================================================================== --- /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/model/ajax.py (revision 40150) +++ /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/hive/model/ajax.py (working copy) @@ -1370,6 +1370,11 @@ json_str = kwargs['post_data'] json_dict = json.loads(json_str) old_value_dict = dict(self.object.get_field_dict(withstats=False)) + if "SSLVirtualHost" in self.request.path_info \ + and "protocol" in json_dict and "cipher_suite" in json_dict: + setattr(self.object, "has_update_protocol", True) + else: + setattr(self.object, "has_update_protocol", False) for key,value in json_dict.iteritems(): update_cache_field(self.object, key, value, False) except KeyError: