Bug 1517827
Summary: | [RFE] Satellite 6: add the ability to choose supported cipher suites for Tomcat | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Daniele <dconsoli> |
Component: | Candlepin | Assignee: | Barnaby Court <bcourt> |
Status: | CLOSED ERRATA | QA Contact: | Sanket Jagtap <sjagtap> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.2.12 | CC: | aperotti, bbuckingham, bkearney, lzap, mhulan, rjerrido, sjagtap, tbrisker |
Target Milestone: | Unspecified | Keywords: | FutureFeature, Triaged |
Target Release: | Unused | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-02-21 12:39:59 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1541321 |
Comment 1
Tomer Brisker
2017-11-28 09:22:45 UTC
This should already be possible in Satellite 6.3 thanks to: https://github.com/theforeman/puppet-candlepin/commit/c5a36f728cc12443709d0437b205c4a9e32c0fbe This can be done by providing candlepin::ciphers variable in custom-hiera.yaml. Moving to ONQA for verification. Build: Satellite 6.3.0 snap 27 We are able to override the Ciphers in /etc/tomcat/server.xml using custom-hiera.yaml. [root@sgi-uv20-01 tomcat]# cat /etc/foreman-installer/custom-hiera.yaml | grep candlepin candlepin::ciphers: ['TLS_RSA_WITH_AES_128_CBC_SHA','TLS_DHE_RSA_WITH_AES_256_CBC_SHA'] satellite-installer Installing Done [100%] [................................................................................................................................] Success! cat /etc/tomcat/server.xml | grep ciphers -C 10 described in the APR documentation --> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="want" sslProtocols="TLSv1.2,TLSv1.1,TLSv1" keystoreFile="conf/keystore" truststoreFile="conf/keystore" keystoreType="PKCS12" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA" Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336 |