Project

General

Profile

Bug #22567

Tomcat server.xml templates require the sslEnabledProtocols parameter to

Added by Rich Jerrido over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Low
Assignee:
-
Category:
Installer
Target version:
Difficulty:
trivial
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

When leveraging custom Hiera to secure my Tomcat instance, I noticed that the sslProtocols value (set in the server.xml.erb file) only sets the maximum version of the SSL protocol offered. That is, if you set sslProtocols to TLSv1.2, it offers 1.0, 1.1 and 1.2 (but not 1.3).

To actually restrict the protocols used for a client connection, you need to also use the sslEnabledProtocols parameter (https://tomcat.apache.org/tomcat-7.0-doc/config/http.html)

Associated revisions

Revision 7320f16d (diff)
Added by Rich Jerrido over 3 years ago

Fixes #22567 - add sslEnabledProtocols parameter to server.xml.erb

History

#1 Updated by Stephen Benjamin over 3 years ago

  • Category changed from 47 to Installer
  • Project changed from Foreman to Katello

#2 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-candlepin/pull/97 added

#3 Updated by Rich Jerrido over 3 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#4 Updated by Justin Sherrill over 3 years ago

  • Legacy Backlogs Release (now unused) set to 338

Also available in: Atom PDF