Majic Projects ~ [CLOSED] MAR-94 - TLSv1 and TLSv1.1 still available during TLS handshake on port 443 after applying the web

Majic Projects

Majic Ansible Roles

Projects
Wiki
- Quick links
- Wiki
- Project wikis
- Conntrackt
- Django Pydenticon
- Gimmecert
- Majic Ansible Roles
- Pydenticon
- Scripts
- Global content

Majic Ansible Roles / Closed Bug report MAR-94 TLSv1 and TLSv1.1 still available during TLS handshake on port 443 after applying the web_server role

This issue has been closed with status "Closed" and resolution "RESOLVED".

- No additional actions available

Issue basics

Type of issue

Bug report Unknown issue type
Issue label

No label set
Category

Not determined
Targetted for

1.5.0 Not determined
Status

Closed

Status not determined
Progress
Priority

Must fix before next release Not determined

Affected by this issue (1)

1.4.0
Unknown
- New
- Investigating
- Confirmed
- Not a bug
- Being worked on
- Near completion
- Ready for testing / QA
- Testing / QA
- Closed
- Postponed
- Done
- Fixed
- New
- Investigating
- Confirmed
- Not a bug
- Being worked on
- Near completion
- Ready for testing / QA
- Testing / QA
- Closed
- Postponed
- Done
- Fixed
- In progress
- Ready to test
- Resolved
- Reopened
- Open
- In progress
- Resolved
- Reopened
- Please wait...
Unconfirmed (1.4.0)

People involved

Posted by
branko (@branko)

Branko Majic
@branko

Last seen online at Sep 29, 2024 - 18:46

Show user details
Owned by

Not owned by anyone
Assigned to
branko (@branko)

Branko Majic
@branko

Last seen online at Sep 29, 2024 - 18:46

Show user details
Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

Apr 01, 2017
Last updated

Apr 08, 2017
Estimated time

2 hours Not estimated
Time spent

1 hour No time spent

Click here to see time logged against this issue

Issue details

Resolution

RESOLVED Not determined
Reproducability

Always Not determined
Severity

Critical Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

After applying the web_server role to a server, it can be noticed that when connecting to the web server (Nginx) via port 443, the TLSv1 and TLSv1.1 are still available during the TLS handshake.

The error lies within the faulty regular expression in the lineinfile module invocation that fails to account for blanks that are present in front of the line defining available TLS protocols in file /etc/nginx/nginx.conf.

The following should be done:

Fix the regular expression.

Steps to reproduce this issue

Reproduction steps:

Apply web_server role to a server. Configure TLS ciphers that are usable in TLSv1 and TLSv1.1 as well.
Try to connect to web server using TLSv1 and TLSv1.1.

Expected results:

TLS handshake fails due to lack of support for TLSv1 and TLSv1.1 on the server side.

Actual results:

TLS handshake succeeds.

Todos (0 / 0)

Options

There are no comments

Welcome to The Bug Genie

Log in with your username and password