StarlingX

Security: TLS1.0 enabled on docker ports

Bug #1869527 reported by Ghada Khalil on 2020-03-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Triaged	Low	Andy

Bug Description

Brief Description
-----------------
Nessus scan reports the following low security finding:
TLS1.0 enabled on docker ports
Reported on docker ports 9001 & 9002
To address this report, need to disable TLS1.0 on these ports. TLS1.1 & TLS1.2 can continue to be enabled.

Severity
--------
Minor security concern

Branch/Pull Time/Commit
-----------------------
Tested on stx master

Test Activity
-------------
Security Scan

Tags:

Ghada Khalil (gkhalil) on 2020-03-28

tags:

added: stx.security

Revision history for this message

Ghada Khalil (gkhalil) wrote on 2020-04-01:

Would be nice to fix in stx.4.0 as this is a security concern

Changed in starlingx:
importance:	Undecided → Medium
status:	New → Triaged
tags:	added: stx.4.0

Ghada Khalil (gkhalil) on 2020-04-23

Changed in starlingx:
assignee:	nobody → Andy (andy.wrs)

Revision history for this message

Ghada Khalil (gkhalil) wrote on 2020-05-20:

Lowering the priority. This is a would-be-nice to fix, but doesn't strictly hold up stx.4.0

Changed in starlingx:
importance:	Medium → Low
tags:	removed: stx.4.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.