Bug 1548093 - smart_proxy_dynflow_core weak cipher
Summary: smart_proxy_dynflow_core weak cipher
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Remote Execution
Version: 6.2.14
Hardware: Unspecified
OS: Unspecified
high
high vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Lukas Pramuk
URL:
Whiteboard:
Depends On: 1388198
Blocks: 1545876
TreeView+ depends on / blocked
 
Reported: 2018-02-22 16:55 UTC by Mike McCune
Modified: 2020-06-11 13:59 UTC (History)
22 users (show)

Fixed In Version: foreman-installer-1.11.0.19-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1388198
Environment:
Last Closed: 2018-05-21 20:16:44 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 17078 Normal Closed smart_proxy_dynflow_core weak cipher 2020-03-23 12:04:42 UTC
Foreman Issue Tracker 19956 Normal Closed Installer should allow ssl_disabled_ciphers to be set for dynflow_core 2020-03-23 12:04:42 UTC
Red Hat Product Errata RHBA-2018:1672 None None None 2018-05-21 20:17:13 UTC

Comment 3 Lukas Pramuk 2018-05-02 09:18:58 UTC
FailedQA.

@satellite-6.2.15-1.0.el7sat.noarch
tfm-rubygem-smart_proxy_dynflow_core-0.1.3.1-1.el7sat.noarch

# nmap --script +ssl-enum-ciphers localhost -p 8008 | grep -e weak -e TLSv -e SSLv
|   TLSv1.1: 
|       TLS_RSA_WITH_IDEA_CBC_SHA - weak
|   TLSv1.2: 
|       TLS_RSA_WITH_IDEA_CBC_SHA - weak
|_  least strength: weak


>>> weak ciphers are still used

Comment 5 Lukas Pramuk 2018-05-15 22:15:05 UTC
VERIFIED.

@satellite-6.2.15-1.0.el7sat.noarch
tfm-rubygem-smart_proxy_dynflow_core-0.1.3.2-1.el7sat.noarch

# nmap --script +ssl-enum-ciphers localhost -p 8008
...
PORT     STATE SERVICE
8008/tcp open  http
| ssl-enum-ciphers: 
|   TLSv1.1: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors: 
|       NULL
|   TLSv1.2: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors: 
|       NULL
|_  least strength: strong

>>> least strength cipher is strong

Comment 8 errata-xmlrpc 2018-05-21 20:16:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1672


Note You need to log in before you can comment on or make changes to this bug.