Back to bug 2176547
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Milind | 2023-03-08 16:15:44 UTC | CC | nia | |
| | | Flags | needinfo?(nia) | |
| Red Hat One Jira (issues.redhat.com) | 2023-03-08 16:16:27 UTC | Link ID | Red Hat Issue Tracker RHCEPH-6245 | |
| Red Hat One Jira (issues.redhat.com) | 2023-03-08 16:16:39 UTC | Link ID | Red Hat Issue Tracker RHCSDASH-942 | |
| Nizamudeen | 2023-03-09 13:29:18 UTC | Flags | needinfo?(nia) | |
| | | Assignee | nia | pegonzal |
| | | Status | NEW | ASSIGNED |
| | | Target Release | 6.1z1 | 6.1 |
| Nizamudeen | 2023-03-09 13:30:17 UTC | Link ID | Ceph Project Bug Tracker 58942 | |
| Nizamudeen | 2023-03-14 06:30:24 UTC | Assignee | pegonzal | epuertat |
| | | Link ID | Github ceph/ceph/pull/50494 | |
| | | Status | ASSIGNED | POST |
| Milind | 2023-03-15 12:53:33 UTC | Flags | needinfo?(epuertat) | |
| | | CC | epuertat | |
| Nizamudeen | 2023-03-15 13:53:08 UTC | Target Release | 6.1 | 5.3z2 |
| Nizamudeen | 2023-03-15 13:54:16 UTC | Flags | needinfo?(epuertat) | |
| errata-xmlrpc | 2023-03-30 15:59:48 UTC | CC | tserlin | |
| | | Status | POST | MODIFIED |
| | | Status | MODIFIED | ON_QA |
| Sayalee | 2023-04-04 09:29:26 UTC | Status | ON_QA | VERIFIED |
| Akash Raj | 2023-04-10 14:24:32 UTC | Flags | needinfo?(epuertat) | |
| | | CC | akraj | |
| Akash Raj | 2023-04-10 14:24:48 UTC | Docs Contact | asriram | akraj |
| Ernesto Puerta | 2023-04-10 16:25:56 UTC | Flags | needinfo?(epuertat) | |
| | | Doc Text | Cause: Some TLS 1.2 cypher suites might be vulnerable to "ROBOT" attacks. Consequence: While modern browsers will favor TLS 1.3 over 1.2, under some specific circumstances a bad actor might force the server to accept a TLS 1.2 session over a vulnerable protocol-cypher suite (RSA) and then manage to obtain text signed by the server with its private certificate. Nonetheless, this threat is not very impactful in the case of private websites, such as the Ceph Dashboard. Fix: Remove support for TLS 1.2 protocols and cypher suites. Result: Only TLS 1.3 sessions are accepted. | |
| | | Doc Type | If docs needed, set a value | Bug Fix |
| Akash Raj | 2023-04-11 05:36:45 UTC | Blocks | 2185621 | |
| Akash Raj | 2023-04-11 07:25:53 UTC | Doc Text | Cause: Some TLS 1.2 cypher suites might be vulnerable to "ROBOT" attacks. Consequence: While modern browsers will favor TLS 1.3 over 1.2, under some specific circumstances a bad actor might force the server to accept a TLS 1.2 session over a vulnerable protocol-cypher suite (RSA) and then manage to obtain text signed by the server with its private certificate. Nonetheless, this threat is not very impactful in the case of private websites, such as the Ceph Dashboard. Fix: Remove support for TLS 1.2 protocols and cypher suites. Result: Only TLS 1.3 sessions are accepted. | .TLS 1.2 protocols and cypher suites are no longer supported Previously, some TLS 1.2 cypher suites were vulnerable to *ROBOT* attacks. Although modern browsers favoured TLS 1.3 over 1.2, under specific circumstances, a bad actor could have forced the server to accept a TLS 1.2 session over a vulnerable protocol-cypher suite (RSA) and would manage to obtain a text signed by the server with its private certificate. With this fix, support for TLS 1.2 protocols and cypher suites is removed and only TLS 1.3 sessions are accepted. |
| errata-xmlrpc | 2023-04-11 16:06:41 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2023-04-11 20:07:59 UTC | Resolution | --- | ERRATA |
| | | Status | RELEASE_PENDING | CLOSED |
| | | Last Closed | 2023-04-11 20:07:59 UTC | |
| errata-xmlrpc | 2023-04-11 20:08:56 UTC | Link ID | Red Hat Product Errata RHBA-2023:1732 | |
| Ranjini M N | 2023-05-19 07:10:58 UTC | CC | lema | |
| | | Blocks | 2203283 | |