OpenStack-Ansible

Specify ciphers with HAProxy SSL frontends

Bug #1498726 reported by Jimmy McCrory
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Wishlist
Jimmy McCrory

Bug Description

For increased security, a specific cipher suite should be specified when configuring HAProxy SSL frontends.

Jimmy McCrory (jimmy-mccrory)
Changed in openstack-ansible:
assignee: nobody → Jimmy McCrory (jimmy-mccrory)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/226610

Changed in openstack-ansible:
status: New → In Progress
Dolph Mathews (dolph)
tags: added: security
Changed in openstack-ansible:
importance: Undecided → Wishlist
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/226610
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=e0e56f57a0a54450038f6ff42ba3fcbf60d046d3
Submitter: Jenkins
Branch: master

commit e0e56f57a0a54450038f6ff42ba3fcbf60d046d3
Author: Jimmy McCrory <email address hidden>
Date: Tue Sep 22 19:14:15 2015 -0700

    Configure HAProxy SSL frontends with cipher suite

    For increased security against possible SSL attacks, configure HAProxy
    SSL frontends with a cipher suite. Default to the existing
    ssl_cipher_suite variable defined in user_variables.

    Change-Id: Ida64765bb4ebec0bbfa118e2eeedfb36ad2bd3f8
    Closes-Bug: #1498726

Changed in openstack-ansible:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (kilo)

Fix proposed to branch: kilo
Review: https://review.openstack.org/227730

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (kilo)

Reviewed: https://review.openstack.org/227730
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=61b7b05f65dfcd196f3a7e358ee5286a86df2b8c
Submitter: Jenkins
Branch: kilo

commit 61b7b05f65dfcd196f3a7e358ee5286a86df2b8c
Author: Jimmy McCrory <email address hidden>
Date: Tue Sep 22 19:14:15 2015 -0700

    Configure HAProxy SSL frontends with cipher suite

    For increased security against possible SSL attacks, configure HAProxy
    SSL frontends with a cipher suite. Default to the existing
    ssl_cipher_suite variable defined in user_variables.

    Change-Id: Ida64765bb4ebec0bbfa118e2eeedfb36ad2bd3f8
    Closes-Bug: #1498726
    (cherry picked from commit e0e56f57a0a54450038f6ff42ba3fcbf60d046d3)

tags: added: in-kilo
Jimmy McCrory (jimmy-mccrory)
Changed in openstack-ansible:
status: Fix Committed → Fix Released
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.11

This issue was fixed in the openstack/openstack-ansible 11.2.11 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 11.2.12

This issue was fixed in the openstack/openstack-ansible 11.2.12 release.

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.14

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.