#499 Modernize the TLS ciphers through common settings on all https sites
Closed: Fixed with Explanation 2 years ago by arrfab. Opened 2 years ago by arrfab.

While we use ansible to deploy all configurations (including https vhost and tls settings), we'd like to modernize that through a simple snippet that can come from the ansible inventory, and also review some vhosts still allowing TLSv1 and TLSv1.1.

Action plan:

  • centralize all settings in the httpd ansible role (can be changed through inventory)
  • review all roles to inherit from httpd role (should be the case but reviewing would be nice)

Metadata Update from @arrfab:
- Issue assigned to arrfab

2 years ago

Metadata Update from @arrfab:
- Issue tagged with: centos-ci-infra, centos-common-infra, high-gain, medium-trouble

2 years ago

All pushed in httpd role and working on roles importing httpd to ensure they'll use the new var/snippet.
Already live for www.centos.org: https://www.ssllabs.com/ssltest/analyze.html?d=www.centos.org

Relevant git commit that shows the httpd_tls_ciphers variable that can also be changed through inventory

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed with Explanation
- Issue status updated to: Closed (was: Open)

2 years ago
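
An added example, not part of the ticket or of the CentOS httpd role: a small offline audit for the "review some vhosts still allowing TLSv1 and TLSv1.1" step, which resolves each vhost's effective `SSLProtocol` (its own directive, else the server-level one, else the mod_ssl default) and reports the legacy versions it still enables. It assumes the input holds only TLS vhosts and uses a simplified model of how mod_ssl evaluates the directive; the hostnames and sample config are constructed.

```python
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # simplified meaning of "all"
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
DEFAULT = "all -SSLv3"  # mod_ssl default when SSLProtocol is never set

def enabled_protocols(args):
    """Evaluate SSLProtocol words left to right: +add, -remove, bare name = replace."""
    enabled = set()
    for word in args.split():
        sign, name = (word[0], word[1:]) if word[0] in "+-" else ("", word)
        protos = ALL if name.lower() == "all" else {p for p in ALL if p.lower() == name.lower()}
        if sign == "-":
            enabled -= protos
        elif sign == "+":
            enabled |= protos
        else:
            enabled = set(protos)
    return enabled

def audit(conf_text):
    """Return {vhost name: legacy protocols enabled} for vhosts that still allow any."""
    server = {"name": "(server)", "proto": DEFAULT}  # server-level scope
    cur, vhosts = server, []
    for raw in conf_text.splitlines():
        key, rest = (raw.strip().split(None, 1) + ["", ""])[:2]
        if not key or key.startswith("#"):
            continue
        key = key.lower()
        if key == "<virtualhost":
            cur = {"name": rest.rstrip(">"), "proto": None}
            vhosts.append(cur)
        elif key == "</virtualhost>":
            cur = server
        elif key == "servername":
            cur["name"] = rest
        elif key == "sslprotocol":
            cur["proto"] = rest
    found = {v["name"]: sorted(enabled_protocols(v["proto"] or server["proto"]) & LEGACY)
             for v in vhosts}
    return {name: protos for name, protos in found.items() if protos}

# Constructed sample config; hostnames are placeholders, not real CentOS vhosts.
SAMPLE = """\
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
<VirtualHost *:443>
  ServerName www.example.org
</VirtualHost>
<VirtualHost *:443>
  ServerName legacy.example.org
  SSLProtocol all -SSLv3
</VirtualHost>
"""
```

A vhost-level `SSLProtocol` that overrides the centralized value is exactly the case this catches: `audit(SAMPLE)` reports only `legacy.example.org`.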
