Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #29244: Default to disabling SSLv3 #805

Closed
wants to merge 1 commit into from
Closed

Fixes #29244: Default to disabling SSLv3 #805

wants to merge 1 commit into from

Conversation

ehelms
Copy link
Member

@ehelms ehelms commented Mar 2, 2020

This is mostly until EL5 EOLs.

@ehelms
Fixes #29244: Default to disabling SSLv3
0adbd20 
This is mostly until EL5 EOLs.
ekohl
ekohl requested changes Mar 2, 2020
View reviewed changes
Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I dislike this. We should be preferring to configure it Apache wide. We may even make it more insecure when Apache already disables TLS 1.0 and 1.1.

If needed, we should be setting this in https://github.com/theforeman/foreman-installer/blob/develop/config/foreman.hiera/security.yaml

@ehelms
Copy link
Member Author

ehelms commented Mar 2, 2020

Should I file an issue to drop this parameter from this module? My logic for the question is that if we shouldnt be doing this here, we probably should remove the ability to.

@ehelms
Copy link
Member Author

ehelms commented Mar 2, 2020

Replaced by theforeman/foreman-installer#480

@ehelms ehelms closed this Mar 2, 2020
@ekohl
Copy link
Member

ekohl commented Mar 2, 2020

Should I file an issue to drop this parameter from this module? My logic for the question is that if we shouldnt be doing this here, we probably should remove the ability to.

I was actually thinking about that. It was introduced in 0602750 but e40c8dc allows you to set this via hiera. Given this is not the primary way we should be setting this, I think it should be dropped but hadn't gotten around to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekohl ekohl ekohl requested changes

Assignees
No one assigned
Labels
Needs testing Waiting on contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ehelms @ekohl @theforeman-bot