Bug #12578: Smart-Proxy doesn't enforce ciphersuite ordering - Smart Proxy - Foreman

Actions

Copy link

Bug #12578

closed

Smart-Proxy doesn't enforce ciphersuite ordering

Added by Brandon Weeks about 9 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Brandon Weeks

Category:

SSL

Target version:

1.10.1

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/smart-proxy/pull/348

Fixed in Releases:

Found in Releases:

Foreman - Nightly

Red Hat JIRA:

Description

The SSL settings don't enforce ciphersuite ordering, which may allow the clients to make worse decisions about ciphersuite selection or maliciously downgraded. Enabling the 'SSLHonorCipherOrder' or 'ssl_prefer_server_ciphers' settings for Apache or Nginx is considered a best practice.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Smart Proxy

Custom queries

Bug #12578

Smart-Proxy doesn't enforce ciphersuite ordering

Updated by The Foreman Bot about 9 years ago

Updated by Brandon Weeks about 9 years ago

Updated by Dominic Cleal about 9 years ago