Bug #14387
SSLv3 remains enabled on Ruby 1.8.7 (Closed)
Description
During testing of Foreman 1.11 I noticed the changes made in #12572 did not effectively disable SSLv3 and caused disparate SSL/TLS protocols to be enabled with Ruby 1.8.7 (EL6) and later versions of Ruby (EL7 and other systems).
Updated by The Foreman Bot over 8 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/401 added
Updated by Brandon Weeks over 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 41293caaf08337e1e95379920e991b5dc4114830.
Updated by Dominic Cleal over 8 years ago
- Release set to 141
Updated by Jason Smith over 8 years ago
After updating and testing Foreman 1.11, our custom PHP scripts that talk to the foreman proxy through the REST API no longer work. I even tried applying the patch mentioned in this bug, but it still doesn't work. After some debugging and looking at the PHP documentation, the problem is that TLSv1 would still not be allowed in 1.11.1. According to some user comments in the PHP documentation:
http://php.net/manual/en/function.curl-setopt.php#115993
Setting PHP to use TLSv1 or above will only work if you have curl 7.34 or newer. Note, RHEL6 comes with curl 7.19 and RHEL7 comes with curl 7.29. To maintain compatibility with still-supported RHEL versions and allow custom third-party scripts written in PHP to connect to the foreman-proxy REST API, this line also needs to be removed from lib/launcher.rb:
ssl_options |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)
If you are uncomfortable allowing this, then a config setting that could specify the allowed ssl protocols, like apache has, would be useful for those who require this level of compatibility.
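An added Ruby example, not smart-proxy's own code, of the allow-list setting suggested above: it maps an Apache-style list of permitted protocols onto the OpenSSL OP_NO_* options, and reports any protocol it could not disable because the constant is missing in that Ruby/OpenSSL build, rather than silently leaving it enabled (the failure mode this bug describes). The protocol names and the returned hash shape are assumptions of this example.

```ruby
require 'openssl'

# Protocol names as an admin would write them in a config file, mapped to the
# OpenSSL option that disables that protocol. (Names chosen for this example.)
PROTOCOL_FLAGS = {
  'SSLv2'   => :OP_NO_SSLv2,
  'SSLv3'   => :OP_NO_SSLv3,
  'TLSv1'   => :OP_NO_TLSv1,
  'TLSv1.1' => :OP_NO_TLSv1_1,
  'TLSv1.2' => :OP_NO_TLSv1_2,
  'TLSv1.3' => :OP_NO_TLSv1_3,
}.freeze

# The OP_NO_* value for a protocol, or nil when this Ruby/OpenSSL build does
# not define the constant at all (as with newer flags on Ruby 1.8.7).
def no_flag_for(name)
  const = PROTOCOL_FLAGS.fetch(name)
  OpenSSL::SSL.const_defined?(const) ? OpenSSL::SSL.const_get(const) : nil
end

# Build the ssl_options bitmask for an allow-list such as ['TLSv1.1', 'TLSv1.2'].
# Every protocol not on the list is disabled. Protocols whose OP_NO_* constant
# is missing are returned in :unenforceable so the caller can refuse to start
# instead of assuming they were turned off.
def ssl_options_for(allowed)
  unknown = allowed - PROTOCOL_FLAGS.keys
  raise ArgumentError, "unknown protocol(s): #{unknown.join(', ')}" unless unknown.empty?
  options = 0
  unenforceable = []
  PROTOCOL_FLAGS.each_key do |proto|
    next if allowed.include?(proto)
    flag = no_flag_for(proto)
    if flag.nil?
      unenforceable << proto   # cannot be disabled on this build: stays enabled
    else
      options |= flag          # a zero flag means the library dropped the protocol
    end
  end
  { options: options, unenforceable: unenforceable }
end

# Protocols this build supports that the given options leave enabled.
def enabled_protocols(options)
  PROTOCOL_FLAGS.keys.select do |proto|
    flag = no_flag_for(proto)
    flag && flag != 0 && (options & flag).zero?
  end
end
```

A launcher would pass `ssl_options_for(setting)[:options]` to the SSL context and abort when `:unenforceable` is non-empty.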
Updated by Dominic Cleal over 8 years ago
This ticket's closed, so it's not a good place to try and get something fixed. You would be better off filing a new ticket or better, a pull request with your proposed change so it can be discussed with the maintainers.
Updated by Jason Smith over 8 years ago
- Related to Bug #14719: Allow TLSv1 for compatibility with some clients. added