Back to bug 1315652
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Jelinek | 2016-03-08 11:24:57 UTC | Priority | unspecified | high |
| | | Status | NEW | ASSIGNED |
| Tomas Jelinek | 2016-03-08 11:25:11 UTC | Summary | Option to disable particular TLS version with pcsd | Option to disable particular TLS version and ciphers with pcsd |
| Radek Steiger | 2016-03-08 11:26:02 UTC | CC | rsteiger | |
| Tomas Jelinek | 2016-03-08 14:50:38 UTC | Status | ASSIGNED | POST |
| | | Doc Text | Cause: There is no possibility to set SSL options and ciphers in pcsd. Consequence: If a vulnerability is found in a particular version of SSL/TLS protocol or a cipher or they are considered weak for other reasons, there is no easy way for users to disable the protocol version or cipher. Fix: Disable RC4 ciphers and TLS lower than 1.2 by default. Add possibility to configure SSL options and ciphers. Result: Weak ciphers are disabled by default. It is possible to set SSL options and ciphers so user can disable weak ciphers in future easily. | |
| Milan P. Gandhi | 2016-03-10 06:21:38 UTC | CC | mgandhi | |
| Milan P. Gandhi | 2016-03-10 09:01:12 UTC | Blocks | 1203710 | |
| Chris Feist | 2016-03-10 14:13:21 UTC | Flags | needinfo?(mgandhi) | |
| Milan P. Gandhi | 2016-03-11 05:08:20 UTC | Flags | needinfo?(mgandhi) | |
| Milan P. Gandhi | 2016-03-11 05:23:40 UTC | Flags | needinfo?(mgandhi) | |
| Shane Bradley | 2016-03-11 14:14:27 UTC | CC | sbradley | |
| Shane Bradley | 2016-03-11 16:25:11 UTC | Link ID | Red Hat Knowledge Base (Solution) 2197151 | |
| Milan P. Gandhi | 2016-03-12 08:35:45 UTC | Flags | needinfo?(mgandhi) | |
| Marcel Kolaja | 2016-03-14 12:27:37 UTC | CC | mkolaja | |
| | | Flags | needinfo?(sbradley) | |
| Shane Bradley | 2016-03-15 14:13:32 UTC | Flags | needinfo?(sbradley) | |
| Siddharth Nagar | 2016-03-15 15:26:04 UTC | CC | bressers | |
| | | Flags | needinfo?(bressers) | |
| Josh Bressers | 2016-03-16 18:06:45 UTC | Flags | needinfo?(bressers) | |
| Sat6QE Jenkins | 2016-03-28 20:15:54 UTC | Status | POST | MODIFIED |
| Mike McCune | 2016-03-28 23:40:50 UTC | Status | MODIFIED | POST |
| Chris Feist | 2016-04-22 22:06:05 UTC | Priority | high | urgent |
| | | Severity | high | urgent |
| Ivan Devat | 2016-05-31 12:23:17 UTC | Status | POST | MODIFIED |
| | | Fixed In Version | pcs-0.9.151-1.el7 | |
| errata-xmlrpc | 2016-05-31 13:23:43 UTC | Status | MODIFIED | ON_QA |
| Shane Bradley | 2016-06-12 16:13:15 UTC | Link ID | Red Hat Knowledge Base (Solution) 2192161 | |
| Radek Steiger | 2016-07-26 15:36:27 UTC | Status | ON_QA | VERIFIED |
| Chris Feist | 2016-08-16 21:42:51 UTC | Keywords | FutureFeature | |
| Andrew Sanders | 2016-09-16 22:07:14 UTC | CC | asanders | |
| Chris Feist | 2016-09-16 22:59:57 UTC | Flags | needinfo?(asanders) | |
| Milan Navratil | 2016-09-28 19:03:11 UTC | CC | mnavrati | |
| | | Doc Text | Cause: There is no possibility to set SSL options and ciphers in pcsd. Consequence: If a vulnerability is found in a particular version of SSL/TLS protocol or a cipher or they are considered weak for other reasons, there is no easy way for users to disable the protocol version or cipher. Fix: Disable RC4 ciphers and TLS lower than 1.2 by default. Add possibility to configure SSL options and ciphers. Result: Weak ciphers are disabled by default. It is possible to set SSL options and ciphers so user can disable weak ciphers in future easily. | *pcsd* now supports setting SSL options and ciphers Previously, the *pcsd* service did not enable the user to easily disable a cipher or a particular version of the SSL or TSL protocol if a vulnerability was found of if the protocol version or the cipher was considered weak for some reason. With this update, the user can easily configure SSL options and ciphers in *pcsd*, and RC4 ciphers as well as TLS protocol version 1.2 and earlier are disabled by default. |
| Milan Navratil | 2016-09-28 19:03:45 UTC | Docs Contact | mnavrati | |
| | | Doc Type | Bug Fix | Release Note |
| Andrew Sanders | 2016-10-05 21:02:07 UTC | Flags | needinfo?(asanders) | |
| Ondrej Benes | 2016-10-11 15:52:16 UTC | CC | obenes | |
| Milan Navratil | 2016-10-21 01:17:32 UTC | Doc Text | *pcsd* now supports setting SSL options and ciphers Previously, the *pcsd* service did not enable the user to easily disable a cipher or a particular version of the SSL or TSL protocol if a vulnerability was found of if the protocol version or the cipher was considered weak for some reason. With this update, the user can easily configure SSL options and ciphers in *pcsd*, and RC4 ciphers as well as TLS protocol version 1.2 and earlier are disabled by default. | *pcsd* now supports setting SSL options and ciphers Previously, the *pcsd* service did not enable the user to easily disable a cipher or a particular version of the SSL or TSL protocol if a vulnerability was found of if the protocol version or the cipher was considered weak for some reason. With this update, the user can easily configure SSL options and ciphers in *pcsd*, and RC4 ciphers as well as TLS protocol version 1.1 and earlier are disabled by default. |
| errata-xmlrpc | 2016-11-02 14:36:48 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2016-11-03 20:58:06 UTC | Status | RELEASE_PENDING | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-11-03 16:58:06 UTC | |