Provide a more secure apache ssl.conf sslciphersuite configuration on by default
|Triaged:||Fixed in Releases:|
|Bugzilla link:||1467434||Found in Releases:|
|Pull request:||https://github.com/theforeman/foreman-installer/pull/237, https://github.com/theforeman/foreman-installer/pull/236|
Set the default ciphersuites for Apache to a stronger setting than the default provided by the Puppet module.
This sets the default ciphersuites to the recommended for the time of
writing for the supported servers and browsers. This also disables
TRACE method, which is not a security vulnerability but comes up often
in automated security audits and isn't required for proper functioning
#1 Updated by Ewoud Kohl van Wijngaarden about 1 year ago
- Subject changed from Provide a more secure apache ssl.conf sslciphersuite configuration on by default to Provide a more secure apache ssl.conf sslciphersuite configuration on by default
- Status changed from New to Need more information
We could use the modern cipher suite from https://mozilla.github.io/server-side-tls/ssl-config-generator/ but could you be a bit more specific? The linked bugzilla is not public.
#2 Updated by Tomer Brisker about 1 year ago
Yes, https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.6&openssl=1.0.1e&hsts=no&profile=intermediate should work for all our supported servers and browsers.
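
A way to check the two settings this issue is about (the `SSLCipherSuite` value and the TRACE method) in a rendered ssl.conf. This is an added example, not code from the Foreman installer or the linked pull requests; the `WEAK` keyword list and the `BEFORE`/`AFTER` sample configurations are constructed for illustration and are not the Mozilla intermediate profile.

```python
import re

# Keywords that mark an enabled cipher or cipher group as weak.
# Constructed list for this example (assumption), not taken from the issue.
WEAK = {"RC4", "DES", "3DES", "CBC3", "MD5", "EXP", "EXPORT", "EXPORT40",
        "EXPORT56", "NULL", "ENULL", "ANULL", "ADH", "AECDH", "LOW", "IDEA"}

def directives(conf_text):
    """Yield (lowercased name, args) per directive; skip comments and <Section> tags."""
    joined = conf_text.replace("\\\n", " ")  # honour backslash line continuations
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        yield parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""

def weak_cipher_tokens(spec):
    """Return the enabled entries of an OpenSSL cipher string that contain a weak keyword."""
    weak = []
    for token in re.split(r"[:,\s]+", spec.strip("\"'")):
        if not token or token[0] in "!-":  # '!' and '-' remove ciphers, not add them
            continue
        parts = re.split(r"[-+]", token.lstrip("+").upper())
        if WEAK.intersection(parts):
            weak.append(token)
    return weak

def audit_ssl_conf(conf_text):
    """Return findings for the cipher suite and TRACE settings of one config file."""
    findings, trace, saw_suite = [], "on", False  # httpd default is TraceEnable on
    for name, args in directives(conf_text):
        if name == "sslciphersuite":
            saw_suite = True
            findings += [f"SSLCipherSuite enables weak entry: {t}"
                         for t in weak_cipher_tokens(args)]
        elif name == "traceenable":
            trace = args.lower()  # last occurrence wins in this simplified model
    if not saw_suite:
        findings.append("SSLCipherSuite not set: module/OpenSSL default applies")
    if trace != "off":
        findings.append(f"TraceEnable is '{trace}': TRACE method not disabled")
    return findings

# Constructed sample inputs: a weak configuration and a tightened one.
BEFORE = "SSLEngine on\nSSLCipherSuite HIGH:MEDIUM:RC4-SHA:DES-CBC3-SHA:!aNULL\n"
AFTER = ("SSLEngine on\nTraceEnable off\n"
         "SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5\n")
```

The keyword match is a heuristic over the text of the directive; the list the server actually negotiates is what `openssl ciphers -v '<spec>'` expands the string to on the target host.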