[ipa-4-6] Update the ciphers list #3373

Closed
wants to merge 1 commit into from


flo-renaud
Contributor

The previous list of ciphers was allowing weak algorithms.
The fix removes:

  • kECDH: cipher suites using fixed ECDH key agreement signed by CAs with RSA
    and ECDSA keys or either respectively.
  • kDH: cipher suites using DH key agreement and DH certificates signed by
    CAs with RSA and DSS keys or either respectively.

Fixes: https://pagure.io/freeipa/issue/8000
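
A way to check an expanded cipher list for the two key-exchange classes named above, as an added example that is not part of this pull request or of FreeIPA's code. It assumes the list is in the colon-separated form that `openssl ciphers` prints; the sample lists are constructed, and `classify` and `audit` are hypothetical helper names.

```python
"""Flag fixed-key (non-ephemeral) DH and ECDH suites in an expanded cipher list."""

# Leading part of an OpenSSL suite name -> the cipher-string keyword that
# selects it. Ephemeral names (DHE-, ECDHE-, EDH-) and anonymous names
# (ADH-, AECDH-) do not match any of these prefixes.
STATIC_KX_PREFIXES = {
    "ECDH-RSA-": "kECDH",
    "ECDH-ECDSA-": "kECDH",
    "DH-RSA-": "kDH",
    "DH-DSS-": "kDH",
}


def classify(suite):
    """Return 'kDH', 'kECDH', or None for one OpenSSL suite name."""
    name = suite.strip().upper()
    if name.startswith("EXP-"):  # export-grade variants carry an extra prefix
        name = name[4:]
    for prefix, keyword in STATIC_KX_PREFIXES.items():
        if name.startswith(prefix):
            return keyword
    return None


def audit(expanded):
    """Map each fixed-DH/ECDH suite in a colon-separated list to its keyword."""
    findings = {}
    for suite in expanded.split(":"):
        keyword = classify(suite)
        if keyword:
            findings[suite.strip()] = keyword
    return findings


# Constructed samples: a list that still offers fixed-key suites, and one
# that keeps only ephemeral and plain RSA key exchange.
SAMPLE_BEFORE = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:"
    "ECDH-ECDSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:"
    "DH-RSA-AES256-SHA256:DH-DSS-AES128-GCM-SHA256:AES256-GCM-SHA384"
)
SAMPLE_AFTER = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384"

if __name__ == "__main__":
    for suite, keyword in audit(SAMPLE_BEFORE).items():
        print(f"{suite}: fixed key agreement, selected by {keyword}")
```

An empty result from `audit` on the server's expanded list means no fixed DH or ECDH suite is being offered.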

@flo-renaud flo-renaud added the needs review Pull Request is waiting for a review label Jul 5, 2019
@flo-renaud flo-renaud changed the title Update the ciphers list [ipa-4-6] Update the ciphers list Jul 5, 2019
@flo-renaud
Contributor Author

Note: this change is required only on ipa-4-6 branch as newer branches use ciphers defined at the system level

@flo-renaud flo-renaud added the ipa-4-6 Mark for backport to ipa 4.6 label Jul 8, 2019
@abbra
Contributor

abbra commented Jul 17, 2019

LGTM.
@tiran any opinion here?

@tiran tiran added ack Pull Request approved, can be merged and removed ipa-4-6 Mark for backport to ipa 4.6 labels Jul 17, 2019
@tiran
Member

tiran commented Jul 17, 2019

Go for it!

@abbra abbra added pushed Pull Request has already been pushed and removed needs review Pull Request is waiting for a review labels Jul 17, 2019
@abbra
Contributor

abbra commented Jul 17, 2019

ipa-4-6:

@abbra abbra closed this Jul 17, 2019
@flo-renaud flo-renaud deleted the t8000 branch July 18, 2019 13:16