OpenSRF

Improve TLS settings in example configuration

Bug #1916500 reported by Jason Stephenson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenSRF
In Progress
Undecided
Jason Stephenson
OpenSRF 3.3.1

Bug Description

The example configuration for the nginx proxy comes with TLS configuration that is no longer considered secure. It should be updated, and the haproxy example, too.

Revision history for this message
Jason Stephenson (jstephenson) wrote :

Branch: https://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/dyrcona/lp1916500-modernize-tls-examples

tags: added: pullrequest
Revision history for this message
Blake GH (bmagic) wrote :

My sign off:
https://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/blake/lp1916500

Jason Stephenson (jstephenson)
Changed in opensrf:
milestone: none → 3.3-beta
tags: added: signedoff
tags: removed: pullrequest signedoff
Changed in opensrf:
assignee: nobody → Jason Stephenson (jstephenson)
status: New → In Progress
Revision history for this message
Jason Stephenson (jstephenson) wrote :

The recommendations from 2 years ago are likely out of date by now. I'll take a look and see if there have been changes in the recommendations.

We should possibly update the Apache recommendations as well, but since Apache usually sits behind a proxy, it is less important to update those recommendations.

We might also want to consider different settings for the supported distributions since they all have different releases of web servers and OpenSSL.

Galen Charlton (gmc)
Changed in opensrf:
milestone: 3.3-beta → 3.3.0
Galen Charlton (gmc)
Changed in opensrf:
milestone: 3.3.0 → 3.3.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.