Bug 1305779
Summary: | Weak ciphers and sslv3 on satellite | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Abel Lopez <abelopez> |
Component: | Security | Assignee: | satellite6-bugs <satellite6-bugs> |
Status: | CLOSED DUPLICATE | QA Contact: | Katello QA List <katello-qa-list> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.1.5 | CC: | bkearney, howey.vernon, security-response-team, tbrisker |
Target Milestone: | Unspecified | Keywords: | Security |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-06-27 12:15:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1153811, 1305938, 1432305 |
Description
Abel Lopez
2016-02-09 08:51:13 UTC
This is Kurt from Product Security, just to let you know we're keeping an eye on this and I'll be talking to the Satellite 6 people about it. Thanks for reporting this! So for securing the SSL/TLS config a good resource is: https://mozilla.github.io/server-side-tls/ssl-config-generator/ For Apache 2.4/OpenSSL 1.0.1e (RHEL7) SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on docs on most of our ssl/tls services and how to configure them: https://access.redhat.com/articles/1462183 *** This bug has been marked as a duplicate of bug 1153826 *** |