Majic Projects
Closed Bug report MAR-94 TLSv1 and TLSv1.1 still available during TLS handshake on port 443 after applying the web_server role
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Bug report
  • Category
    Not determined
  • Targeted for
  • Status
  • Progress
  • Priority
    Must fix before next release
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (1)
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    2 hours
  • Time spent
    1 hour
Issue details
  • Resolution
  • Reproducibility
  • Severity

After applying the web_server role to a server, TLSv1 and TLSv1.1 are still available during the TLS handshake when connecting to the web server (Nginx) on port 443.

The error lies in the faulty regular expression in the lineinfile module invocation, which fails to account for the blanks in front of the line that defines the available TLS protocols in the file /etc/nginx/nginx.conf.

The following should be done:

  • Fix the regular expression.
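
The failure mode described above, as an added example that is not the role's own code: a regular expression anchored at the start of the line never selects an indented ssl_protocols directive, so the old protocol list stays in effect. The two patterns, the replacement line and the sample nginx.conf are assumptions constructed for illustration; the issue does not quote the real ones.

```python
import re

# Constructed sample of an nginx.conf; the directive is indented inside http {}.
SAMPLE_CONF = """\
user www-data;
http {
    sendfile on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3
    ssl_prefer_server_ciphers on;
}
"""

# Assumed patterns and replacement line (hypothetical, not taken from the role).
FAULTY_REGEXP = r"^ssl_protocols"
FIXED_REGEXP = r"^\s*ssl_protocols"
NEW_LINE = "    ssl_protocols TLSv1.2;"


def replace_last_match(conf, regexp, new_line):
    """Replace the last line that regexp.search() hits, as lineinfile does on a match.

    Returns (new_conf, matched). What lineinfile does on a miss depends on its
    other options (insertafter, backrefs) and is not modelled here.
    """
    pattern = re.compile(regexp)
    lines = conf.splitlines()
    hit = None
    for index, line in enumerate(lines):
        if pattern.search(line):
            hit = index
    if hit is None:
        return conf, False
    lines[hit] = new_line
    return "\n".join(lines) + "\n", True


def enabled_protocols(conf):
    """Return the protocol list of every active (non-comment) ssl_protocols directive."""
    found = []
    for line in conf.splitlines():
        directive = line.split("#", 1)[0].strip()
        if directive.startswith("ssl_protocols"):
            found.append(directive.rstrip(";").split()[1:])
    return found


if __name__ == "__main__":
    for name, regexp in (("faulty", FAULTY_REGEXP), ("fixed", FIXED_REGEXP)):
        conf, matched = replace_last_match(SAMPLE_CONF, regexp, NEW_LINE)
        print(name, "matched:", matched, "protocols:", enabled_protocols(conf))
```

Running enabled_protocols over the deployed file after the role has been applied gives a quick configuration-level check before testing the handshake itself.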
Steps to reproduce this issue

Reproduction steps:

  1. Apply the web_server role to a server. Configure TLS ciphers that are usable in TLSv1 and TLSv1.1 as well.

  2. Try to connect to the web server using TLSv1 and TLSv1.1.

Expected results:

  1. TLS handshake fails due to lack of support for TLSv1 and TLSv1.1 on the server side.

Actual results:

  1. TLS handshake succeeds.