Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2190

webserver HTTPS/TLS cipher list is insecure on RHEL 6

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.6.0
    • Component/s: server
    • Labels:

      Description

      We aren't overriding the default cipher list for the webserver, so it's defaulting to the OpenSSL default cipher suite for the platform. On RHEL 6, this suite contains 3DES, RC4 and other undesirables.

        Attachments

          Activity

            People

            • Assignee:
              danburkert Dan Burkert
              Reporter:
              danburkert Dan Burkert
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: