Majic Projects
previous_open_issue.png
Go to the previous open issue
previous_issue.png
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
task_small.png
Open Task MAR-158 Update default set of configured TLS ciphers
next_issue.png
Go to the next issue (open or closed)
next_open_issue.png
Go to the next open issue
branko (branko) has been working on this issue since May 21, 2020 (12:18)
Issue basics
  • Type of issue
    Task
  • Category
    Not determined
  • Targetted for
    5.0.0
  • Status
    Being worked on
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    2 hours
  • Time spent
    No time spent
    Click here to see time logged against this issue
Issue details
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

Majic Ansible Roles mandates use of TLS in all services exposed over network. All relevant roles also provide ability to specify what TLS ciphers should be allowed in specific service, coming with a fairly secure defaults.

The defaults have become somewhat outdated, however, and need to be updated.

The following should be done:

  • Update the ldap_server, mail_server, and web_server roles.

    • Update defaults for the TLS ciphers parameters.
    • Drop use of any insecure algorithms from the parameters.
    • Improve tests by testing against all possible ciphers (e.g. be more precise in what is allowed and not allowed).
  • Update role reference documentation.
  • Update release notes.
Comments ()
There are no comments
History