Bug 1778250 - RHV metric store allows lower versions of TLS with no way to configure which versions should be allowed.
Summary: RHV metric store allows lower versions of TLS with no way to configure which ...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-metrics
Version: 4.3.5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Shirly Radco
QA Contact: Lucie Leistnerova
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-11-29 15:39 UTC by Frank DeLorey
Modified: 2023-10-06 18:50 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1778856 (view as bug list)
Environment:
Last Closed: 2020-06-18 13:42:25 UTC
oVirt Team: Metrics
Target Upstream Version:
Embargoed:
lsvaty: testing_plan_complete-

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHV-43247 0 None None None 2021-08-30 12:30:37 UTC
Red Hat Knowledge Base (Article) 4651891 0 None None None 2019-12-11 15:54:30 UTC
Red Hat Knowledge Base (Solution) 5161761 0 None None None 2020-06-17 01:09:16 UTC

Description Frank DeLorey 2019-11-29 15:39:50 UTC 
Description of problem:
Security scan of port 443 for the metrics store reports: TLS Version 1.1 Protocol Detection: The remote service encrypts traffic using an older version of TLS.

Version-Release number of selected component (if applicable):

RHV 4.3.5

How reproducible:

Every time.

Steps to Reproduce:
1.Install metrics store on RHV
2.Run a security scan

Actual results:

Security scan report metric store is allowing older TLS versions

Expected results:

We should be using TLS 1.2 or make it configurable for customers required to eliminate TLS 1.1

Additional info:

It appears this is configurable on Kibana however I cannot find a way to do this with our current installation method or how to change it after installation.
Note You need to log in before you can comment on or make changes to this bug.