Bug #27656
Inconsistent "SSLVerifyDepth" value in configurations will cause Apache to request unnecessary SSL renegotiation
Triaged: No
Description
Inconsistent "SSLVerifyDepth" values in the following 2 Apache configuration files (Foreman and Katello) can cause Apache to request unnecessary SSL secure renegotiation from the client (such as a web browser). This will trigger a security alert in an environment that is running an IPS, such as McAfee IPS. Changing the value of this directive to '3' in both files does prevent the renegotiation.
/etc/httpd/conf.d/05-foreman-ssl.conf
/etc/httpd/conf.d/05-foreman-ssl.d/katello.conf
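A consistency check for the mismatch reported above, as an added example that is not part of the original report or of the Foreman code: it collects every SSLVerifyDepth setting from the two files and flags differing values. The sample configuration text, the depth 1 and the /example location are constructed for the illustration.

```python
import re
from pathlib import Path

# Directive names are case-insensitive in Apache; lines starting with '#' do not match.
DIRECTIVE = re.compile(r"^\s*SSLVerifyDepth\s+(\d+)\s*$", re.IGNORECASE)

# The two files named in the report.
FOREMAN, KATELLO = (
    "/etc/httpd/conf.d/05-foreman-ssl.conf",
    "/etc/httpd/conf.d/05-foreman-ssl.d/katello.conf",
)

def find_verify_depths(configs):
    """configs maps file name -> text; returns [(file, line_no, depth), ...]."""
    found = []
    for name, text in configs.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            match = DIRECTIVE.match(line)
            if match:
                found.append((name, line_no, int(match.group(1))))
    return found

def check_consistency(configs):
    """Return (ok, findings); ok is False when the files set different depths."""
    findings = find_verify_depths(configs)
    return len({depth for _, _, depth in findings}) <= 1, findings

# Constructed sample input, not the real Foreman/Katello files. The depth 1 and
# the /example location are made up; only the target value 3 comes from the report.
VHOST = "<VirtualHost *:443>\n  SSLVerifyClient optional\n  SSLVerifyDepth 3\n</VirtualHost>\n"
SAMPLE_BEFORE = {
    FOREMAN: VHOST,
    KATELLO: "<Location /example>\n  # SSLVerifyDepth 5\n  sslverifydepth 1\n</Location>\n",
}
SAMPLE_AFTER = {
    FOREMAN: VHOST,
    KATELLO: "<Location /example>\n  SSLVerifyDepth 3\n</Location>\n",
}

if __name__ == "__main__":
    on_disk = {p: Path(p).read_text() for p in (FOREMAN, KATELLO) if Path(p).is_file()}
    samples = {"sample before": SAMPLE_BEFORE, "sample after": SAMPLE_AFTER, "on disk": on_disk}
    for label, configs in samples.items():
        ok, findings = check_consistency(configs)
        print(f"{label}: {'consistent' if ok else 'MISMATCH'}")
        for name, line_no, depth in findings:
            print(f"  {name}:{line_no}: SSLVerifyDepth {depth}")
```

The check reads only the files it is given and does not follow Include directives; a file that does not set the directive is simply not listed.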
History
#1
Updated by The Foreman Bot over 3 years ago
- Assignee set to Ewoud Kohl van Wijngaarden
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-katello/pull/298 added
#2
Updated by The Foreman Bot over 3 years ago
- Fixed in Releases 1.24.0 added
#3
Updated by Ewoud Kohl van Wijngaarden over 3 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-katello|6ba99532dec262b8978970ee1394dc6d1acc3f2c.
Fixes #27656 - Set SSLVerifyDepth to 3
This matches what theforeman-foreman sets and avoids SSL renegotiations.