Bug #14685
closedAbility to set SSL Ciphers, Order & Compression during install
Description
User needs the ability to set:
SSLCipherSuite
SSLHonorCipherOrder
SSLCompression
values to be used in:
/etc/httpd/conf.d/25-puppet.conf
/etc/httpd/conf.d/ssl.conf
The requirement is due to security settings that restrict the Ciphers and compression beyond the default values used in a Katello install. Manual adjustment can be made to these files while the services are offline, but these foreman-installer would overwrite these custom settings during the next upgrade.
Is it possible to have these values set via foreman-installer command line flags?
Updated by Ewoud Kohl van Wijngaarden over 6 years ago
- Status changed from New to Resolved
We ship better defaults now. The ciphers and ssl protocols are exposed as parameters except for puppet + passenger since that's deprecated in favor of puppetserver. We do allow overriding them with hiera though.