refs #22391 - support disabling specific TLS versions #43
@stbenjam, the Redmine ticket used is for a different project than the one associated with this GitHub repository. Please either:
If changing the ticket number used, remember to update the PR title and the commit message (using This message was auto-generated by Foreman's prprocessor |
This matches the smart-proxy core code.
I think @theforeman-bot is misconfigured, the issue is filed against Smart Proxy Dynflow category.
But it wants it in the foreman-tasks project. Rather than the REX plugin. I think that makes sense.
Weird that REX has a Smart Proxy Dynflow category then. I moved it to Foreman tasks, hopefully that makes the bot happy.
@@ -90,6 +90,19 @@ def https_app | |||
ssl_options |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3) | |||
ssl_options |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1) | |||
|
|||
if Settings.instance.tls_disabled_versions | |||
Settings.instance.tls_disabled_versions.each do |version| | |||
constant = OpenSSL::SSL.const_get("OP_NO_TLSv#{version.gsub(/\./, '_')}") rescue nil |
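Review bot: the `rescue nil` modifier on the `const_get` line hides every StandardError, not only the NameError for an unknown version, so a `tls_disabled_versions` entry that is not a String (and so has no `gsub`) or that names no `OP_NO_TLSv*` constant produces nil with no error and no log line. Suggest calling `to_s` on the entry before `gsub`, and logging a warning or refusing to start when the lookup fails, so a mistake in the setting is reported rather than ignored.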
There was a potential issue, when the user would specify `1.1` instead of `'1.1'` in settings. I've added additional `to_s` there, just in case.
Tested and works well, besides the small caveat with the string conversion, fixed that while merging
Merged as 60eba19
Smart-proxy-dynflow and smart-proxy-dynflow-core 0.1.10 pushed to rubygems
Adapted from theforeman/smart-proxy#559
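
The string-conversion caveat raised in this thread (`1.1` instead of `'1.1'` in settings), as an added Ruby example that is not code from the pull request or the project. `SAMPLE_SETTINGS`, `lookup_as_in_hunk` and `disabled_version_options` are hypothetical names, and the settings snippet is constructed for illustration.

```ruby
require 'openssl'
require 'yaml'

# Constructed settings: 1.1 is unquoted (YAML loads it as a Float),
# '1.2' is quoted (String), and '9.9' names no real protocol version.
SAMPLE_SETTINGS = <<~YAML
  tls_disabled_versions:
    - 1.1
    - '1.2'
    - '9.9'
YAML

# Lookup as written in the hunk: the rescue modifier also swallows the
# NoMethodError from calling gsub on a Float, so the entry becomes nil.
def lookup_as_in_hunk(version)
  OpenSSL::SSL.const_get("OP_NO_TLSv#{version.gsub(/\./, '_')}") rescue nil
end

# Hypothetical hardened helper: normalise with to_s, accept only "N.N",
# and return unmatched entries so the caller can log or reject them.
def disabled_version_options(versions)
  options = 0
  unknown = []
  Array(versions).each do |version|
    text = version.to_s.strip
    name = "OP_NO_TLSv#{text.tr('.', '_')}"
    if text.match?(/\A\d\.\d\z/) && OpenSSL::SSL.const_defined?(name)
      options |= OpenSSL::SSL.const_get(name)
    else
      unknown << text
    end
  end
  [options, unknown]
end

if __FILE__ == $PROGRAM_NAME
  versions = YAML.safe_load(SAMPLE_SETTINGS)['tls_disabled_versions']
  versions.each { |v| puts "#{v.inspect} -> #{lookup_as_in_hunk(v).inspect}" }
  options, unknown = disabled_version_options(versions)
  puts format('options=0x%x unknown=%p', options, unknown)
end
```

The unquoted `1.1` maps to nil in the first lookup and to `OP_NO_TLSv1_1` in the second; the `unknown` list is what a caller would surface in the log.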