Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1637261

Summary: RFE disable weak encryption in RHUA 3
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: Harshad More <hmore>
Component: SecurityAssignee: Pavlina Bartikova <pbartiko>
Status: CLOSED ERRATA QA Contact: Radek Bíba <rbiba>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.0.5CC: majcooo, mminar, pbartiko, ramsingh
Target Milestone: 3.1.5Keywords: FutureFeature
Target Release: 3.1.x   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-11 16:11:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Harshad More 2018-10-09 03:11:59 UTC 
1. Proposed title of this feature request 

> RFE disable weak encryption in RHUA 3

2. What is the nature and description of the request?

One of customer wanted to use TLSv1.2 on RHUA as well as CDS server.
To make RHUI3 PCI compliant by disabling old SSLv3/TLSv1 protocols.

PCI vulnerability scans shows the following issues:

1. puppet master process on RHUA server port 8140 has SSLv3 and TLSv1 protocols enabled
2. crane web server on CDS server port 5000 (docker) has TLSv1 protocol enabled

Both SSLv3 and TLSv1 need to be disabled on all services on PCI compliant servers. Please provide a supported way how to disable these protocols on RHUI.

3. Where are you experiencing the behavior?  What environment?

Redhat Update Appliance (RHUA) - port 8140 
Content Delivery Server (CDS) - port 5000

4. Why does the customer need this? (List the business requirements here)

> need to run RHUIv3 in PCI compliant environments

5. Is there already an existing issue upstream or in Red Hat Bugzilla?  
> No

6. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  
> No.  
     
7. Is the sales team involved in this request and do they have any additional input?  
> No.

8. List any affected packages or components.
> rhui-tools, puppet, pulp, httpd

9. Would the customer be able to assist in testing this functionality if implemented?
> Yes

Additional info:
Comment 10 errata-xmlrpc 2020-03-11 16:11:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:0791