By default SSLInsecureRenegotiation is enabled here: ~~~ [root@iridium ~]# vi /etc/httpd/conf.d/10-pulp.conf # allow older yum clients to connect, see bz 647828 SSLInsecureRenegotiation on ~~~ It looks like in bz 1174942 we already wanted to have this disabled, but it's still enabled by default even in Satellite 6.8. If we still have reason to enable this by default then perhaps an installer option to disable it, or changing the value via custom-hiera if it can be edited there.
For now this can be turned off and made persistent by editing /usr/share/foreman-installer/modules/pulp/templates/pulp.conf.erb: ~~~ [root@iridium ~]# vi /usr/share/foreman-installer/modules/pulp/templates/pulp.conf.erb # allow older yum clients to connect, see bz 647828 SSLInsecureRenegotiation off <-- make this change from on to off Run the installer and it remains off: [root@iridium ~]# grep -ir SSLInsecureRenegotiation /etc/httpd/ /etc/httpd/conf.d/10-pulp.conf:SSLInsecureRenegotiation off ~~~
Created redmine issue https://projects.theforeman.org/issues/32762 from this bug
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/32762 has been resolved.
Verified on 6.9.3 Snap2. Verification Points: 1- By default "SSLInsecureRenegotiation" is unavailable in /usr/share/foreman-installer/modules/pulp/templates/pulp.conf.erb and /etc/httpd/conf.d/10-pulp.conf' # grep -ir SSLInsecureRenegotiation /etc/httpd/ [root@dhcp-3-56 ~]# # grep -ir SSLInsecureRenegotiation /usr/share/foreman-installer/modules/pulp/templates/pulp.conf.erb [root@dhcp-3-56 ~]# 2-# rpm -qa|grep foreman-installer-2.3.1.15-1 foreman-installer-2.3.1.15-1.el7sat.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Satellite 6.9.3 Async Bug Fix Update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:2636