Bug 1463602
Summary: | Capsule 05-pulp-https.conf ssl protocols does not disable sslv3 triggering RedHat Insights Action | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Peter Vreman <peter.vreman> |
Component: | Installation | Assignee: | satellite6-bugs <satellite6-bugs> |
Status: | CLOSED ERRATA | QA Contact: | Radovan Drazny <rdrazny> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.2.9 | CC: | bbuckingham, bkearney, ddolguik, ekohlvan, mhulan, rdrazny |
Target Milestone: | Unspecified | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-02-21 17:02:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1122832 |
Description
Peter Vreman
2017-06-21 09:56:54 UTC
Upstream this was fixed in https://github.com/Katello/puppet-pulp/commit/145cfadc0b53204514938f839e116778084e5311 and released as puppet-pulp 3.5.0. It wasn't part of the original katello 3.2 which shipped puppet-pulp 3.4.0 This should already be in sat 6.3. Can you update the target milestone to match it will be included? Peter, it's not yet clear in what version this will land in. Right now the plan is to deliver it in future Satellite 6.3 release. Verified on Satellite 6.3 Snap 19. As there currently is no easy way for Satellite 6.3 installed from scratch to register to RHAI, I have installed a Sat 6.2 server, registered it to prod, and then upgraded to Satellite 6.3. RHAI for Sat 6.2 Capsule server shows action as described in the initial report. After upgrade and refresh of RHAI data, there is no action for the Sat 6.3 Capsule server required. On the Capsule server SSLv3 is disabled: $ grep -R SSLProto /etc/httpd/ /etc/httpd/conf.d/05-pulp-https.conf: SSLProtocol all -SSLv2 -SSLv3 /etc/httpd/conf.d/25-puppet.conf: SSLProtocol ALL -SSLv2 -SSLv3 /etc/httpd/conf.d/ssl.conf: SSLProtocol all -SSLv2 -SSLv3 VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336 |