Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refs #22391 - support disabling specific TLS versions #43

Closed
wants to merge 1 commit into from

Conversation

stbenjam
Copy link
Member

@theforeman-bot
Copy link
Member

@stbenjam, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:

If changing the ticket number used, remember to update the PR title and the commit message (using git commit --amend).


This message was auto-generated by Foreman's prprocessor

@theforeman-bot
Copy link
Member

@stbenjam, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:

If changing the ticket number used, remember to update the PR title and the commit message (using git commit --amend).


This message was auto-generated by Foreman's prprocessor

Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This matches the smart-proxy core code.

@theforeman-bot
Copy link
Member

@stbenjam, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:

If changing the ticket number used, remember to update the PR title and the commit message (using git commit --amend).


This message was auto-generated by Foreman's prprocessor

@stbenjam
Copy link
Member Author

I think @theforeman-bot is misconfigured, the issue is filed against Smart Proxy Dynflow category.

@ekohl
Copy link
Member

ekohl commented Jan 25, 2018

But it wants it in the foreman-tasks project. Rather than the REX plugin. I think that makes sense.

@stbenjam
Copy link
Member Author

Weird that REX has a Smart Proxy Dynflow category then. I moved it to Foreman tasks, hopefully that makes the bot happy.

@@ -90,6 +90,19 @@ def https_app
ssl_options |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
ssl_options |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)

if Settings.instance.tls_disabled_versions
Settings.instance.tls_disabled_versions.each do |version|
constant = OpenSSL::SSL.const_get("OP_NO_TLSv#{version.gsub(/\./, '_')}") rescue nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There was a potential issue, when the user would specify 1.1 instead of '1.1' in settings. I've added additional to_s there, just in case.

Copy link
Member

@iNecas iNecas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works well, besides the small caveat with the string conversion, fixed that while merging

@iNecas
Copy link
Member

iNecas commented Jan 27, 2018

Merged as 60eba19

@iNecas iNecas closed this Jan 27, 2018
@iNecas
Copy link
Member

iNecas commented Jan 27, 2018

Smart-proxy-dynflow and smart-proxy-dynflow-core 0.1.10 pushed to rubygems

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants