Majic Projects
Majic Ansible Roles
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Majic Ansible Roles / Closed Feature request MAR-90 Configurable TLS version and ciphers
action_vote_minus_faded.png
0
Votes
action_vote_plus_faded.png
Go to the next issue (open or closed)
Go to the next open issue
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Feature request
  • Category
    Not determined
  • Targetted for
    1.4.0
  • Status
    Closed
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    4 hours
  • Time spent
    2 hours
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

Current roles that configure TLS in deployed software packages do not make it possible to explicitly configure the TLS version and available TLS ciphers. These are instead hard-coded to a set of good values.

Although the defaults provide good security, they do not cover the following scenarios:

  • Devices/connecting applications that lack support for latest TLS versions or ciphers.
  • Ability to easily remove an unsafe cipher via configuration.

It would be beneficial if both the TLS version and available ciphers were configurable.

The following changes should be implemented:

  • Update roles ldap_server, mail_server, and web_server.
  • Make TLS version configurable.
  • Make TLS ciphers configurable.
  • Update role referece documentation.
  • Update usage instructions.
Todos (0 / 0)
There are no comments