Majic Ansible Roles / Open Task MAR-230 Drop OpenSSL configuration hacks in tests
branko (@branko) has been working on this issue since January 08, 2025 (17:54)
Issue basics
  • Type of issue
    Task
  • Category
    Tests
  • Targeted for
    9.0.0
  • Status
    Being worked on
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    2 hours
  • Time spent
    4 hours
Issue details
Description

In order to test some of the TLS functionality in various roles, an OpenSSL configuration hack is deployed in order to allow for use of outdated TLS versions (like 1.1). It would be beneficial to get rid of those since every now and then they seem to break during distribution upgrades.

The easiest way to go about this would be to change the TLS protocol version defaults and use only TLSv1.2 and TLSv1.3 versions for testing purposes. For this to be effectively possible, support for Debian 11 Bullseye will have to be dropped first (since the version of OpenSSL shipped with it does not support TLSv1.3).

The following should be done:

  • Update tests for all roles.
    • Drop use of anything lower than TLSv1.1.
    • For configurable TLS protocol versions, rely on TLSv1.2 and TLSv1.3 only.
    • Drop hacks made to the system-wide OpenSSL configuration files.
  • Make sure all tests are still passing after these changes.
  • Make sure to document that the Majic Ansible Roles are primarily meant to be used with TLSv1.2 and TLSv1.3, and that anything lower than that may require manual changes on the administrator's side to the global OpenSSL configuration file, which are outside the scope of the project documentation.
  • Update role reference documentation.
  • Update usage instructions.
  • Update release notes.