Bug #3443

SSL ciphers not adjustable

Added by Filippo Carletti 8 months ago. Updated 8 months ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-httpd
Target version:v6.9
Security class: Resolution:
Affected version:v6.9 NEEDINFO:No

Description

Changes to httpd ssl ciphers are not applied.

Steps to reproduce:

[root@mail ~]# config setprop httpd SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
[root@mail ~]# config getprop httpd SSLCipherSuite
EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
[root@mail ~]# signal-event nethserver-httpd-update
[root@mail ~]# config getprop httpd SSLCipherSuite
DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES

Associated revisions

Revision 975fb69c
Added by Giacomo Sanchietti 8 months ago

Merge pull request #15 from filippocarletti/v6

Fix db SSLCipherSuite default Refs #3443

History

#1 Updated by Filippo Carletti 8 months ago

  • Category set to nethserver-httpd
  • Assignee set to Filippo Carletti
  • Target version set to v6.9
  • Affected version set to v6.9

Proposed fix:

[root@mail ~]# diff -u issue3246.ns6_7 /etc/e-smith/db/configuration/migrate/issue3246.ns6_7
--- issue3246.ns6_7    2017-12-21 12:27:18.581187857 +0100
+++ /etc/e-smith/db/configuration/migrate/issue3246.ns6_7    2017-12-21 12:11:54.184234146 +0100
@@ -8,7 +8,7 @@
     $old_default = "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM";
     $cur = $DB->get_prop('httpd', 'SSLCipherSuite');

-    if ($cur = $old_default) {
+    if ($cur eq $old_default) {
         $DB->set_prop('httpd', 'SSLCipherSuite', 'DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES');
     }
     '';

#2 Updated by Filippo Carletti 8 months ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

In nethserver-testing:
nethserver-httpd-2.5.3-1.2.gb054221.ns6.noarch.rpm
See steps to reproduce: ciphers should be kept intact after signal-event.

#3 Updated by Filippo Carletti 8 months ago

  • Status changed from TRIAGED to MODIFIED
  • % Done changed from 20 to 60

#4 Updated by Filippo Carletti 8 months ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Filippo Carletti)
  • % Done changed from 60 to 70

#5 Updated by Giacomo Sanchietti 8 months ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Verified.

#6 Updated by Giacomo Sanchietti 8 months ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released:
nethserver-httpd-2.5.4-1.ns6.noarch.rpm

Also available in: Atom PDF