Project

General

Profile

Bug #27656

Inconsistent "SSLVerifyDepth" value in configurations will cause Apache to request unnecessary SSL renegotiation

Added by Ewoud Kohl van Wijngaarden about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Inconsistent "SSLVerifyDepth" value in the following 2 Apache configuration files (Foreman and Katello) can cause Apache to request unnecessary SSL secure renegotiation to the client (such as web browser). This will trigger security alert to an environment that running IPS, such as MacAfee IPS. Change the value of this directive to '3' in both file does prevent the renegotiation.

/etc/httpd/conf.d/05-foreman-ssl.conf
/etc/httpd/conf.d/05-foreman-ssl.d/katello.conf

Associated revisions

Revision 6ba99532 (diff)
Added by Ewoud Kohl van Wijngaarden about 1 year ago

Fixes #27656 - Set SSLVerifyDepth to 3

This matches what theforeman-foreman sets and avoids SSL renegotiations.

History

#1 Updated by The Foreman Bot about 1 year ago

  • Assignee set to Ewoud Kohl van Wijngaarden
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-katello/pull/298 added

#2 Updated by The Foreman Bot about 1 year ago

  • Fixed in Releases 1.24.0 added

#3 Updated by Ewoud Kohl van Wijngaarden about 1 year ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF