Project

General

Profile

Bug #12578

Smart-Proxy doesn't enforce ciphersuite ordering

Added by Brandon Weeks over 3 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
SSL
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

The SSL settings don't enforce ciphersuite ordering, which may allow the clients to make worse decisions about ciphersuite selection or maliciously downgraded. Enabling the 'SSLHonorCipherOrder' or 'ssl_prefer_server_ciphers' settings for Apache or Nginx is considered a best practice.

Associated revisions

Revision ec99de99 (diff)
Added by Brandon Weeks over 3 years ago

Fixes #12578 - set SSL_OP_CIPHER_SERVER_PREFERENCE

History

#1 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Brandon Weeks
  • Pull request https://github.com/theforeman/smart-proxy/pull/348 added

#2 Updated by Brandon Weeks over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#3 Updated by Dominic Cleal over 3 years ago

  • Legacy Backlogs Release (now unused) set to 104

Also available in: Atom PDF