Project

General

Profile

Actions
Copy link

Bug #37306

closed

Puppet server ciphers updated in 2.0 but old ciphers can remain in answers

Added by Ewoud Kohl van Wijngaarden 9 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Ewoud Kohl van Wijngaarden
Category:
foreman-installer script
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
2270513
Pull request:
https://github.com/theforeman/foreman-installer/pull/928
Fixed in Releases:
Foreman - 3.11.0
Found in Releases:
Foreman - 2.0.0, Foreman - 3.10.0
Red Hat JIRA:
SAT-24073

Description

In foreman-installer 2.0 we updated the ciphers for puppetserver, but didn't introduce a migration to update existing installations. Users from very old installs will still use the insecure ciphers. This breaks on FIPS and leaves other users more vulnerable than they need to be.

The commit in question was: https://github.com/theforeman/puppet-puppet/commit/8cc4e3094d5bbd6d05d794e087816934e1697a87

Actions
Copy link
 #1

Updated by Ewoud Kohl van Wijngaarden 9 months ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by The Foreman Bot 9 months ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ewoud Kohl van Wijngaarden
  • Pull request https://github.com/theforeman/foreman-installer/pull/928 added
Actions
Copy link
 #3

Updated by The Foreman Bot 9 months ago

  • Fixed in Releases 3.11.0 added
Actions
Copy link
 #4

Updated by Ewoud Kohl van Wijngaarden 9 months ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #5

Updated by Ewoud Kohl van Wijngaarden 6 months ago

  • Triaged changed from No to Yes
Actions
Copy link

Also available in: Atom PDF