
HTTPS Apache Config

  • A
    astrugatch
    last edited by Feb 5, 2020, 6:07 PM

    The Apache config currently accepts TLS 1.0 and 1.1, which should be disabled to meet current standards. TLS 1.2 should be the only accepted protocol.

    • G
      george1421 Moderator
      last edited by george1421 Feb 5, 2020, 12:29 PM Feb 5, 2020, 6:28 PM

      So what recommended changes are you proposing to disable TLS 1.0 and 1.1? This isn’t exactly a bug since it’s up to the FOG Admin to properly secure their servers.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

      • A
        astrugatch @george1421
        last edited by astrugatch Feb 5, 2020, 12:36 PM Feb 5, 2020, 6:34 PM

        @george1421

        To have:

            SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
            SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        

        added to the virtual host automatically when the ./installfog.sh -S is run just like

            SSLEngine on
            SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs
            SSLCertificateKeyFile   /path/to/private_key
        

        is automatically added. I guess this is less a bug than a feature request geared toward security.

        I opened this up in GitHub, but was posting it here to have a wider discussion for those that don’t visit GitHub.

        • S
          Sebastian Roth Moderator
          last edited by Feb 5, 2020, 9:43 PM

          @astrugatch Yeah, probably a good idea. We’d need to do extensive testing on this. E.g. iPXE boot, fog-client, storage nodes (php curl calls) and so on.

          PS: Moved to feature request.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
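
The `SSLProtocol` line proposed in the thread can be checked statically before it goes into a vhost. The following is an added example, not FOG or installer code: it models how the directive's tokens combine and reports any legacy protocol left enabled. The expansion of `all`, the function names and the sample vhost are assumptions constructed for illustration.

```python
# Added example: simplified model of how Apache combines SSLProtocol tokens.
# Assumption: "all" expands to the set below; the real expansion depends on
# the httpd and OpenSSL builds in use.
import re

ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
CANON = {p.lower(): p for p in ALL}

# Constructed sample: the vhost lines quoted in the thread plus the proposal.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs
    SSLCertificateKeyFile   /path/to/private_key
</VirtualHost>
"""


def effective_protocols(value):
    """Evaluate the tokens of one SSLProtocol directive from left to right."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            chosen = set(ALL)
        elif name in CANON:
            chosen = {CANON[name]}
        else:
            raise ValueError(f"unknown protocol token: {token}")
        if sign == "-":
            enabled -= chosen
        elif sign == "+":
            enabled |= chosen
        else:  # a bare token replaces whatever was set before it
            enabled = chosen
    return enabled


def audit_vhost(config_text):
    """Return (line_no, legacy protocols still enabled) per SSLProtocol line."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:
            findings.append((no, sorted(effective_protocols(m.group(1)) & LEGACY)))
    return findings
```

A static check like this covers only the server side; the clients named in the thread (iPXE boot, fog-client, storage-node PHP curl calls) still need a live handshake test against the changed vhost.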

          Copyright © 2012-2024 FOG Project