[KUDU-2190] webserver HTTPS/TLS cipher list is insecure on RHEL 6 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.5.0
Fix Version/s: 1.6.0
Component/s: server
Labels:
- security

Description

We aren't overriding the default cipher list for the webserver, so it's defaulting to the OpenSSL default cipher suite for the platform. On RHEL 6, this suite contains 3DES, RC4 and other undesirables.

Attachments

Activity

People

Assignee:: Dan Burkert

Reporter:: Dan Burkert

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Oct/17 23:22

Updated:: 17/Oct/17 01:39

Resolved:: 17/Oct/17 01:39