Bug #3443: SSL ciphers not adjustable - NethServer 6 - NethServer.org

Bug #3443

« Previous | Next »

SSL ciphers not adjustable

Added by Filippo Carletti over 3 years ago. Updated over 3 years ago.

Status:

CLOSED

Start date:

Priority:

Normal

Due date:

Assignee:

% Done:

100%

Category:

nethserver-httpd

Target version:

v6.9

Security class:

Resolution:

Affected version:

v6.9

NEEDINFO:

Description

Changes to httpd ssl ciphers are not applied.

Steps to reproduce:

[root@mail ~]# config setprop httpd SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
[root@mail ~]# config getprop httpd SSLCipherSuite
EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
[root@mail ~]# signal-event nethserver-httpd-update
[root@mail ~]# config getprop httpd SSLCipherSuite
DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES

Associated revisions

Revision 975fb69c
Added by Giacomo Sanchietti over 3 years ago

Merge pull request #15 from filippocarletti/v6

Fix db SSLCipherSuite default Refs #3443

History

#1 Updated by Filippo Carletti over 3 years ago

Category set to nethserver-httpd
Assignee set to Filippo Carletti
Target version set to v6.9
Affected version set to v6.9

Proposed fix:

[root@mail ~]# diff -u issue3246.ns6_7 /etc/e-smith/db/configuration/migrate/issue3246.ns6_7
--- issue3246.ns6_7    2017-12-21 12:27:18.581187857 +0100
+++ /etc/e-smith/db/configuration/migrate/issue3246.ns6_7    2017-12-21 12:11:54.184234146 +0100
@@ -8,7 +8,7 @@
     $old_default = "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM";
     $cur = $DB->get_prop('httpd', 'SSLCipherSuite');

-    if ($cur = $old_default) {
+    if ($cur eq $old_default) {
         $DB->set_prop('httpd', 'SSLCipherSuite', 'DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES');
     }
     '';