OpenSRF

Remove insecure WebSockets from stock OpenSRF configs

Bug #1667091 reported by Galen Charlton on 2017-02-22

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenSRF	Fix Released	Wishlist	Unassigned	OpenSRF 2.5-rc

Bug Description

OpenSRF WebSockets over port 7680 (or proxied via port 80) is an exposure of patron information bug waiting to happen. We should stop shipping configs that expose insecure WebSockets; if a knowledgable user truly wants to offer an insecure WS endpoint, it's easy enough for them to work that out on their own.

Tags:

Galen Charlton (gmc) on 2017-02-22

Changed in opensrf:
importance:	Undecided → Wishlist

Bill Erickson (berick) on 2017-02-22

Changed in opensrf:
assignee:	nobody → Bill Erickson (berick)
status:	New → Confirmed

Revision history for this message

Bill Erickson (berick) wrote on 2017-02-22:

Branch pushed:

http://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/berick/lp1667091-kill-insecure-ws-config

In addition to the 2 Apache sample configs, this includes a change to the nginx config to proxy websockets/443 request to the SSL endpoint internally.

tags:	added: pullrequest
Changed in opensrf:
milestone:	none → 2.5-beta
assignee:	Bill Erickson (berick) → nobody

Galen Charlton (gmc) on 2017-02-22

Changed in opensrf:
milestone:	2.5-beta → 2.5-rc

Revision history for this message

Galen Charlton (gmc) wrote on 2017-03-01:

Looks good to me. Pushed to master for inclusion in the 2.5 RC. Thanks, Bill!

Changed in opensrf:
status:	Confirmed → Fix Committed

Galen Charlton (gmc) on 2017-03-01

Changed in opensrf:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.