Project

General

Profile

Bug #13747

webrick needs option to change SSL ciphers via configuration vs hard coded values

Added by Tomer Brisker over 5 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1282514
Description of problem:

Currently the foreman-proxy piece has hard coded SSL ciphers in the following file:

/usr/share/foreman-proxy/lib/poodles-fix.rb

In order for users to pass certain security audits some Ciphers need to be disabled and currently they only approach is to modify the code, remove the offending cipher, and restart foreman-proxy. This workaround does not survive rpm updates and needs to be moved to a configuration file

Associated revisions

Revision b73b71a9 (diff)
Added by Tomer Brisker over 5 years ago

Fixes #13747 - Allow configuration of dsabled SSL cipher suites

Added a :ssl_disabled_ciphers option to the settings allowing disabling
disallowed cipher suits in webrick.

History

#1 Updated by The Foreman Bot over 5 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Tomer Brisker
  • Pull request https://github.com/theforeman/smart-proxy/pull/380 added

#2 Updated by Tomer Brisker over 5 years ago

  • Category set to Security
  • Assignee deleted (Tomer Brisker)
  • Priority changed from High to Normal

#3 Updated by The Foreman Bot over 5 years ago

  • Assignee set to Tomer Brisker

#4 Updated by Anonymous over 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Dominic Cleal over 5 years ago

  • Legacy Backlogs Release (now unused) set to 136

Also available in: Atom PDF