Majic Ansible Roles / Open Enhancement MAR-206 Modernise TLS configuration
Issue basics
  • Type of issue
    Enhancement
  • Category
    Security
  • Targeted for
    Not determined
  • Status
    New
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    8 hours
  • Time spent
    No time spent
Issue details
Description

The current hardening-related TLS configuration used by various roles is at this point fairly outdated, particularly taking into account that TLSv1.3 has come out and become generally available/usable with numerous packages in Debian 12 Bookworm.

To keep up with the times and best practices, the TLS configuration for all roles should be refreshed.

The following should be done:

  • Update all roles that deploy servers that utilise TLS encryption.
    • Bump up the default TLS version used as much as possible.
    • Update the default list of configured ciphers.
    • Both the TLS version and the ciphers enabled/used should remain configurable in order to account for specific deployment requirements (clients using outdated libraries etc.).
  • Update role reference documentation.
  • Update usage instructions.
  • Update release notes.