Fuel for OpenStack

Disable tls1.0 support

Bug #1656466 reported by Vlad Naboichenko on 2017-01-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Invalid	Medium	Fuel Sustaining	Fuel for OpenStack 11.0
Nominated for Ocata by Oleksiy Molchanov
	Mitaka	Invalid	Medium	Fuel Sustaining	Fuel for OpenStack 9.x-updates
	Newton	Invalid	Medium	Fuel Sustaining	Fuel for OpenStack 10.1

Bug Description

Due to security vulnerabilities it would be nice to disable tls1.0 in nginx on fuel master and in haproxy for openstack services.

See original description

Tags:

Vlad Naboichenko (vnaboychenko) on 2017-01-14

description:	updated
summary:	- Disable ssl3, tls1.0 support + Disable tls1.0 support

Oleksiy Molchanov (omolchanov) on 2017-01-16

Changed in fuel:
importance:	Undecided → Medium
milestone:	none → 9.3
assignee:	nobody → Fuel Sustaining (fuel-sustaining-team)
tags:	added: area-library

Oleksiy Molchanov (omolchanov) on 2017-01-30

Changed in fuel:
milestone:	9.x-updates → 11.0
status:	New → Confirmed

Revision history for this message

Stanislaw Bogatkin (sbogatkin) wrote on 2017-01-30:

You can't do this in reasonable amount of time because of limitation in clients written in Ruby and Python, especially Ruby one, as proper support of TLS in that language starts from 2.1 version. So I believe we should not disable TLS 1.0 as it provides good enough security with proper ciphersuites enabled.

Changed in fuel:
status:	Confirmed → Incomplete

Revision history for this message

Oleksiy Molchanov (omolchanov) wrote on 2017-03-07:

Marking as Invalid, because of no activity for more than a month.

Changed in fuel:
status:	Incomplete → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.