#499 Modernize the TLS ciphers through common settings on all https sites
Closed: Fixed with Explanation by arrfab. Opened by arrfab.

While we use ansible to deploy all configurations (including https vhost and tls settings), we'd like to modernize that through a simple snippet that can come from the ansible inventory, and also review some vhosts still allowing TLSv1 and TLSv1.1.

Action plan:

  • centralize all settings in the httpd ansible role (can be changed through inventory)
  • review all roles to inherit from httpd role (should be the case but reviewing would be nice)

Metadata Update from @arrfab:
- Issue assigned to arrfab

Metadata Update from @arrfab:
- Issue tagged with: centos-ci-infra, centos-common-infra, high-gain, medium-trouble

All pushed in httpd role and working on roles importing httpd to ensure they'll use the new var/snippet.
Already live for www.centos.org: https://www.ssllabs.com/ssltest/analyze.html?d=www.centos.org

Relevant git commit that shows the httpd_tls_ciphers variable that can also be changed through inventory

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed with Explanation
- Issue status updated to: Closed (was: Open)
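
For the vhost review mentioned in the ticket, one way to find `SSLProtocol` directives that still enable TLSv1 or TLSv1.1 (SSLv3 is flagged as well) is to evaluate each directive the way mod_ssl parses it. This is an added example, not code from the ticket or from the CentOS httpd role; the sample configuration and host names are constructed, and `all` is assumed to expand to every protocol listed in `KNOWN`.

```python
import re

KNOWN = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}  # assumed meaning of "all"
LEGACY = {"sslv3", "tlsv1", "tlsv1.1"}
GLOBAL = "(server config)"

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for tok in args.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(KNOWN) if name == "all" else {name} & KNOWN
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group
    return enabled

def audit(conf_text):
    """Return (scope, line number, legacy protocols) for each offending directive."""
    findings, scope = [], GLOBAL
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comment lines
            continue
        if m := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I):
            scope = m.group(1).strip()
        elif re.match(r"</VirtualHost>", line, re.I):
            scope = GLOBAL
        elif (m := re.match(r"ServerName\s+(\S+)", line, re.I)) and scope != GLOBAL:
            scope = m.group(1)                    # label the vhost by its ServerName
        elif m := re.match(r"SSLProtocol\s+(.+)", line, re.I):
            legacy = sorted(effective_protocols(m.group(1)) & LEGACY)
            if legacy:
                findings.append((scope, no, legacy))
    return findings

# Constructed sample configuration (not taken from any CentOS host).
SAMPLE = """\
SSLProtocol all -SSLv3
<VirtualHost *:443>
    ServerName www.example.org
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
<VirtualHost *:443>
    ServerName old.example.org
    # SSLProtocol TLSv1
    SSLProtocol -all +TLSv1 +TLSv1.2
</VirtualHost>
"""

if __name__ == "__main__":
    for scope, no, legacy in audit(SAMPLE):
        print(f"line {no} [{scope}]: enables {', '.join(legacy)}")
```

Each directive is evaluated on its own; how a vhost inherits from the server-level setting is not modelled, so treat a server-level finding as applying to every vhost that does not set `SSLProtocol` itself.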
