Project

General

Profile

Actions
Copy link

Bug #27656

closed

Inconsistent "SSLVerifyDepth" value in configurations will cause Apache to request unnecessary SSL renegotiation

Added by Ewoud Kohl van Wijngaarden over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ewoud Kohl van Wijngaarden
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
1723765
Pull request:
https://github.com/theforeman/puppet-katello/pull/298
Fixed in Releases:
Foreman - 1.24.0
Found in Releases:
Red Hat JIRA:

Description

Inconsistent "SSLVerifyDepth" value in the following 2 Apache configuration files (Foreman and Katello) can cause Apache to request unnecessary SSL secure renegotiation to the client (such as web browser). This will trigger security alert to an environment that running IPS, such as MacAfee IPS. Change the value of this directive to '3' in both file does prevent the renegotiation.

/etc/httpd/conf.d/05-foreman-ssl.conf
/etc/httpd/conf.d/05-foreman-ssl.d/katello.conf

Actions
Copy link
 #1

Updated by The Foreman Bot over 5 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ewoud Kohl van Wijngaarden
  • Pull request https://github.com/theforeman/puppet-katello/pull/298 added
Actions
Copy link
 #2

Updated by The Foreman Bot over 5 years ago

  • Fixed in Releases 1.24.0 added
Actions
Copy link
 #3

Updated by Ewoud Kohl van Wijngaarden over 5 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link

Also available in: Atom PDF