Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[dev.icinga.com #11290] ApiListener: Force server's preferred cipher #3997

Closed
icinga-migration opened this issue Mar 3, 2016 · 5 comments

Comments

Projects
None yet
1 participant
@icinga-migration
Copy link
Member

commented Mar 3, 2016

This issue has been migrated from Redmine: https://dev.icinga.com/issues/11290

Created by tobiasvdk on 2016-03-03 12:55:29 +00:00

Assignee: tobiasvdk
Status: Resolved (closed on 2016-06-16 08:21:21 +00:00)
Target Version: 2.5.0
Last Update: 2016-06-16 08:21:21 +00:00 (in Redmine)

Backport?: Not yet backported
Include in Changelog: 1

Enable SSL_OP_CIPHER_SERVER_PREFERENCE to use the strongest cipher suite the client offers:

When choosing a cipher, use the server's preferences instead of the client preferences.
When not set, the SSL server will always follow the clients preferences.
When set, the SSL/TLS server will choose following its own preferences.

Changesets

2016-03-04 07:14:03 +00:00 by (unknown) 0d06422

Use the server's preferred cipher for the API connection

When using SSL_OP_CIPHER_SERVER_PREFERENCE the server's preferred cipher
is used instead of the client preference, see
https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

refs #11290

2016-03-04 13:57:06 +00:00 by (unknown) ce30629

Use the server's preferred cipher for the API connection

When using SSL_OP_CIPHER_SERVER_PREFERENCE the server's preferred cipher
is used instead of the client preference, see
https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

fixes #11290

Relations:

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Mar 3, 2016

Updated by tobiasvdk on 2016-03-03 12:55:43 +00:00

  • Relates set to 11063
@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Mar 4, 2016

Updated by Anonymous on 2016-03-04 14:40:04 +00:00

  • Status changed from Assigned to Resolved
  • Done % changed from 0 to 100

Applied in changeset ce30629.

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Mar 4, 2016

Updated by mfriedrich on 2016-03-04 14:46:28 +00:00

  • Status changed from Resolved to Assigned

Before pushing to git master, please let us know about such changes - especially regarding compatibility with all platforms to be tested in terms of openssl.

Kind regards,
Michael

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Mar 18, 2016

Updated by mfriedrich on 2016-03-18 10:53:42 +00:00

  • Target Version set to 2.5.0

Setting the target version so that we do not forget about a final review and tests for that change.

@icinga-migration

This comment has been minimized.

Copy link
Member Author

commented Jun 16, 2016

Updated by mfriedrich on 2016-06-16 08:21:21 +00:00

  • Status changed from Assigned to Resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.