Majic Projects
previous_open_issue.png
Go to the previous open issue
previous_issue.png
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
bug_report_small.png
Closed Bug report MAR-94 TLSv1 and TLSv1.1 still available during TLS handshake on port 443 after applying the web_server role
next_issue.png
Go to the next issue (open or closed)
next_open_issue.png
Go to the next open issue
icon_info.png This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Bug report
  • Category
    Not determined
  • Targetted for
    1.5.0
  • Status
    Closed
  • Progress
  • Priority
    Must fix before next release
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (1)
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    2 hours
  • Time spent
    1 hour
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
  • Reproducability
    Always
  • Severity
    Critical
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

After applying the web_server role to a server, it can be noticed that when connecting to the web server (Nginx) via port 443, the TLSv1 and TLSv1.1 are still available during the TLS handshake.

The error lies within the faulty regular expression in the lineinfile module invocation that fails to account for blanks that are present in front of the line defining available TLS protocols in file /etc/nginx/nginx.conf.

The following should be done:

  • Fix the regular expression.
Steps to reproduce this issue

Reproduction steps:

  1. Apply web_server role to a server. Configure TLS ciphers that are usable in TLSv1 and TLSv1.1 as well.

  2. Try to connect to web server using TLSv1 and TLSv1.1.

Expected results:

  1. TLS handshake fails due to lack of support for TLSv1 and TLSv1.1 on the server side.

Actual results:

  1. TLS handshake succeeds.
Comments ()
There are no comments
History