Bug #3443
SSL ciphers not adjustable
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-httpd | |||
Target version: | v6.9 | |||
Security class: | Resolution: | |||
Affected version: | v6.9 | NEEDINFO: | No |
Description
Changes to httpd ssl ciphers are not applied.
Steps to reproduce:
[root@mail ~]# config setprop httpd SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH [root@mail ~]# config getprop httpd SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH [root@mail ~]# signal-event nethserver-httpd-update [root@mail ~]# config getprop httpd SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
Associated revisions
History
#1 Updated by Filippo Carletti over 3 years ago
- Category set to nethserver-httpd
- Assignee set to Filippo Carletti
- Target version set to v6.9
- Affected version set to v6.9
Proposed fix:
[root@mail ~]# diff -u issue3246.ns6_7 /etc/e-smith/db/configuration/migrate/issue3246.ns6_7 --- issue3246.ns6_7 2017-12-21 12:27:18.581187857 +0100 +++ /etc/e-smith/db/configuration/migrate/issue3246.ns6_7 2017-12-21 12:11:54.184234146 +0100 @@ -8,7 +8,7 @@ $old_default = "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"; $cur = $DB->get_prop('httpd', 'SSLCipherSuite'); - if ($cur = $old_default) { + if ($cur eq $old_default) { $DB->set_prop('httpd', 'SSLCipherSuite', 'DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES'); } '';
#2 Updated by Filippo Carletti over 3 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
In nethserver-testing:
nethserver-httpd-2.5.3-1.2.gb054221.ns6.noarch.rpm
See steps to reproduce: ciphers should be kept intact after signal-event.
#3 Updated by Filippo Carletti over 3 years ago
- Status changed from TRIAGED to MODIFIED
- % Done changed from 20 to 60
#4 Updated by Filippo Carletti over 3 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Filippo Carletti) - % Done changed from 60 to 70
#5 Updated by Giacomo Sanchietti over 3 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Verified.
#6 Updated by Giacomo Sanchietti over 3 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released:
nethserver-httpd-2.5.4-1.ns6.noarch.rpm