Bug #13747: webrick needs option to change SSL ciphers via configuration vs hard coded values - Smart Proxy - Foreman

Actions

Copy link

Bug #13747

closed

webrick needs option to change SSL ciphers via configuration vs hard coded values

Added by Tomer Brisker about 8 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tomer Brisker

Category:

Security

Target version:

1.12.0

Difficulty:

Triaged:

Bugzilla link:

1282514

Pull request:

https://github.com/theforeman/smart-proxy/pull/380

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1282514
Description of problem:

Currently the foreman-proxy piece has hard coded SSL ciphers in the following file:

/usr/share/foreman-proxy/lib/poodles-fix.rb

In order for users to pass certain security audits some Ciphers need to be disabled and currently they only approach is to modify the code, remove the offending cipher, and restart foreman-proxy. This workaround does not survive rpm updates and needs to be moved to a configuration file

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Smart Proxy

Custom queries

Bug #13747

webrick needs option to change SSL ciphers via configuration vs hard coded values

Updated by The Foreman Bot about 8 years ago

Updated by Tomer Brisker about 8 years ago

Updated by The Foreman Bot about 8 years ago

Updated by Anonymous about 8 years ago

Updated by Dominic Cleal about 8 years ago