Bug 1327764

Summary: Satellite 6 Modified the SSLCipherSuite to be: SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:!MEDIUM:!LOW
Product: Red Hat Satellite
Reporter: Fotios Tsiadimos <ftsiadim>
Component: Security
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED NEXTRELEASE
QA Contact: Katello QA List <katello-qa-list>
Severity: urgent
Priority: urgent
Version: 6.1.5
CC: abalakht, bkearney, dlobatog, ftsiadim, kseifried, mmccune, shughes, stbenjam, wburrows, xdmoon
Target Milestone: Unspecified
Target Release: Unused
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2017-08-14 18:18:24 UTC
Type: Bug

Description Fotios Tsiadimos 2016-04-15 21:35:42 UTC
Description of problem:

Modifying the SSLCipherSuite broke the Satellite server after upgrade.

ssl.conf:

added to SSLProtocol ALL -SSLv2 -SSLv3

Modified the SSLCipherSuite to be:

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:!MEDIUM:!LOW



Version-Release number of selected component (if applicable):


Satellite 6.5

Comment 8 Kurt Seifried 2017-02-28 17:48:38 UTC
I would suggest using this:

https://mozilla.github.io/server-side-tls/ssl-config-generator/

and choosing Intermediate (compatible back to Java 7) or Modern (only compatible back to Java 8) ideally.

Comment 12 Bryan Kearney 2017-08-14 18:18:24 UTC
Satellite 6.3 has the following:

>   SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
>   SSLProtocol all -SSLv2 -SSLv3

Which should be acceptable. Closing this out as "NEXTRELEASE" for inclusion with 6.3.
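
A way to check what the two cipher strings quoted in this report resolve to before putting either in ssl.conf. This is an added example, not part of the bug report or of Satellite; the names `expand` and `audit` are hypothetical, and the output reflects the OpenSSL build that Python is linked against, which can differ from the one mod_ssl uses on the Satellite host.

```python
import ssl

# Cipher strings quoted in this bug report.
REPORTED = "ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:!MEDIUM:!LOW"
SATELLITE_63 = "HIGH:MEDIUM:!aNULL:!MD5:!RC4"

# Markers in OpenSSL's suite description or name that a reviewer would flag.
DESC_FLAGS = {
    "Au=None": "anonymous (unauthenticated) key exchange",
    "Enc=None": "no encryption",
    "Mac=MD5": "MD5 MAC",
}
NAME_FLAGS = {"RC4": "RC4 stream cipher", "DES": "DES/3DES block cipher"}


def expand(cipher_string):
    """Suites the local OpenSSL enables for this string ([] if none/invalid)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string selects no usable suite on this build
    return ctx.get_ciphers()


def audit(cipher_string):
    """Map suite name -> list of reasons, for every flagged suite."""
    flagged = {}
    for suite in expand(cipher_string):
        reasons = [why for mark, why in DESC_FLAGS.items()
                   if mark in suite["description"]]
        reasons += [why for mark, why in NAME_FLAGS.items()
                    if mark in suite["name"]]
        if reasons:
            flagged[suite["name"]] = reasons
    return flagged


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    for label, string in (("reported", REPORTED), ("6.3", SATELLITE_63)):
        suites = expand(string)
        print(f"\n{label}: {string}\n  {len(suites)} suites enabled")
        for name, reasons in audit(string).items():
            print(f"  FLAG {name}: {', '.join(reasons)}")
```

Running `openssl ciphers -v '<string>'` on the Satellite host itself gives the authoritative list for that system.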