Feature #35638

Add stronger ciphers to Candlepin's config

Added by Ewoud Kohl van Wijngaarden about 1 month ago. Updated 1 day ago.

Status: Closed
Priority: Normal
Category: Foreman modules
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Today the ciphers come from the very first commit (commit:832bafa66c9fdc8d632908613695691e90f78583) and aren't the strongest anymore. In commit:c5a36f728cc12443709d0437b205c4a9e32c0fbe they were changed into a parameter so they can be overridden, but the out-of-the-box experience should be improved.

Reported in https://bugzilla.redhat.com/show_bug.cgi?id=2117265#c1

Associated revisions

Revision 86bb0923 (diff)
Added by Ewoud Kohl van Wijngaarden about 1 month ago

Fixes #35638 - Update ciphers to be SHA256 or SHA384

In 832bafa66c9fdc8d632908613695691e90f78583 the list was created in the
initial commit. Then c5a36f728cc12443709d0437b205c4a9e32c0fbe made it a
parameter, but didn't change the values. Since 2013 there are stronger
(non-SHA1) ciphers. This is important since the FUTURE crypto policy
disallows SHA1 ciphers.

The old ciphers are less secure. In our setup clients talk to Foreman
and Foreman talks to Candlepin so this should be safe in terms of
compatibility with older clients.

History

#1 Updated by The Foreman Bot about 1 month ago

  • Assignee set to Ewoud Kohl van Wijngaarden
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-candlepin/pull/224 added

#2 Updated by The Foreman Bot about 1 month ago

  • Fixed in Releases 3.5.0 added

#3 Updated by Ewoud Kohl van Wijngaarden about 1 month ago

  • Status changed from Ready For Testing to Closed

#4 Updated by Ewoud Kohl van Wijngaarden 1 day ago

  • Triaged changed from No to Yes
