Description of problem:
engine-setup configures the httpd ssl configuration (/etc/httpd/conf.d/ssl.conf) and enables all protocols except SSLv3 and TLSv1.

SSLProtocol all -SSLv3 -TLSv1

The Red Hat insights suggest using only TLSv1.2. The following configurations are suggested:

SSLProtocol -all +TLSv1.2
or
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Version-Release number of selected component (if applicable):
rhv 4.3.9

How reproducible:
100%

Steps to Reproduce:
1. grep SSLProtocol /etc/httpd/conf.d/ssl.conf
2. Modify the configuration of SSLProtocol
3. engine-setup
4. grep SSLProtocol /etc/httpd/conf.d/ssl.conf

Actual results:
The SSLProtocols are set to
SSLProtocol all -SSLv3 -TLSv1

Expected results:
The following is set
SSLProtocol -all +TLSv1.2
or
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Additional info:
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Insights rule: Decreased security: httpd using deprecated TLSv1.1 protocol
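An added example, not part of the original report or of ovirt-engine: a check that evaluates each active SSLProtocol line left to right (a bare token replaces the set, + adds, - removes) and reports which deprecated protocols remain enabled, usable after step 4 above. The expansion of "all", the function names and the sample configuration are assumptions made for the example.

```python
import re

# Assumption: what "all" expands to depends on the httpd/OpenSSL build.
# This tuple is a constructed default for the check, not taken from the report.
ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Active (uncommented) SSLProtocol lines only.
DIRECTIVE = re.compile(r"^[ \t]*SSLProtocol[ \t]+(.+?)\s*$",
                       re.IGNORECASE | re.MULTILINE)


def enabled_protocols(args, all_protocols=ALL_PROTOCOLS):
    """Evaluate SSLProtocol arguments left to right and return the enabled set."""
    canonical = {p.lower(): p for p in all_protocols}
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = (token[1:] if action else token).lower()
        if name == "all":
            selected = set(all_protocols)
        else:
            # Simplification: names outside the assumed set select nothing.
            selected = {canonical[name]} if name in canonical else set()
        if action == "+":
            enabled |= selected
        elif action == "-":
            enabled -= selected
        else:
            enabled = selected  # a bare token replaces the current set
    return enabled


def audit_ssl_conf(text):
    """Return (arguments, deprecated protocols still enabled) per directive."""
    return [(m.group(1), sorted(enabled_protocols(m.group(1)) & DEPRECATED))
            for m in DIRECTIVE.finditer(text)]


# Constructed sample in the style of /etc/httpd/conf.d/ssl.conf.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
#SSLProtocol all -SSLv2
SSLProtocol all -SSLv3 -TLSv1
</VirtualHost>
"""

if __name__ == "__main__":
    for args, weak in audit_ssl_conf(SAMPLE_CONF):
        print(f"SSLProtocol {args}: deprecated still enabled: {weak or 'none'}")
```
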
$ git tag --contains 7591ed6153294ea3daa3df178f36431edf3b786a
ovirt-engine-4.4.1.5
Verified on ovirt-engine-4.4.1.8-0.7.el8ev.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:3247