Skip to content

/ icinga2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[dev.icinga.com #11290] ApiListener: Force server's preferred cipher #3997

Closed
icinga-migration opened this issue Mar 3, 2016 · 5 comments
Closed

[dev.icinga.com #11290] ApiListener: Force server's preferred cipher #3997

icinga-migration opened this issue Mar 3, 2016 · 5 comments
Labels
area/api enhancement
Milestone
2.5.0

Comments

@icinga-migration
Copy link
Member

@icinga-migration icinga-migration commented Mar 3, 2016

This issue has been migrated from Redmine: https://dev.icinga.com/issues/11290

Created by tobiasvdk on 2016-03-03 12:55:29 +00:00

Assignee: tobiasvdk
Status: Resolved (closed on 2016-06-16 08:21:21 +00:00)
Target Version: 2.5.0
Last Update: 2016-06-16 08:21:21 +00:00 (in Redmine)

Backport?: Not yet backported
Include in Changelog: 1

Enable SSL_OP_CIPHER_SERVER_PREFERENCE to use the strongest cipher suite the client offers:

When choosing a cipher, use the server's preferences instead of the client preferences.
When not set, the SSL server will always follow the clients preferences.
When set, the SSL/TLS server will choose following its own preferences.

Changesets

2016-03-04 07:14:03 +00:00 by (unknown) 0d06422

Use the server's preferred cipher for the API connection

When using SSL_OP_CIPHER_SERVER_PREFERENCE the server's preferred cipher
is used instead of the client preference, see
https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

refs #11290

2016-03-04 13:57:06 +00:00 by (unknown) ce30629

Use the server's preferred cipher for the API connection

When using SSL_OP_CIPHER_SERVER_PREFERENCE the server's preferred cipher
is used instead of the client preference, see
https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

fixes #11290

Relations:
@icinga-migration
Copy link
Member Author

@icinga-migration icinga-migration commented Mar 3, 2016

Updated by tobiasvdk on 2016-03-03 12:55:43 +00:00

  • Relates set to 11063
@icinga-migration
Copy link
Member Author

@icinga-migration icinga-migration commented Mar 4, 2016

Updated by Anonymous on 2016-03-04 14:40:04 +00:00

  • Status changed from Assigned to Resolved
  • Done % changed from 0 to 100

Applied in changeset ce30629.
@icinga-migration
Copy link
Member Author

@icinga-migration icinga-migration commented Mar 4, 2016

Updated by mfriedrich on 2016-03-04 14:46:28 +00:00

  • Status changed from Resolved to Assigned

Before pushing to git master, please let us know about such changes - especially regarding compatibility with all platforms to be tested in terms of openssl.

Kind regards,
Michael
@icinga-migration
Copy link
Member Author

@icinga-migration icinga-migration commented Mar 18, 2016

Updated by mfriedrich on 2016-03-18 10:53:42 +00:00

  • Target Version set to 2.5.0

Setting the target version so that we do not forget about a final review and tests for that change.
@icinga-migration
Copy link
Member Author

@icinga-migration icinga-migration commented Jun 16, 2016

Updated by mfriedrich on 2016-06-16 08:21:21 +00:00

  • Status changed from Assigned to Resolved
@icinga-migration icinga-migration added this to the 2.5.0 milestone Jan 17, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/api enhancement
Projects
None yet
Milestone
2.5.0
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
@icinga-migration
You can’t perform that action at this time.