
    HTTPS Apache Config

    Feature Request
      astrugatch

      The Apache config currently accepts TLS 1.0 and 1.1, which should be disabled to meet current standards. TLS 1.2 should be the only accepted protocol.

        george1421 Moderator

        So what recommended changes are you proposing to disable TLS 1.0 and 1.1? This isn’t exactly a bug since it's up to the FOG Admin to properly secure their servers.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

          astrugatch @george1421

          @george1421

          To have:

              SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
              SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

          added to the virtual host automatically when ./installfog.sh -S is run, just like

              SSLEngine on
              SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs
              SSLCertificateKeyFile   /path/to/private_key
          

          is automatically added. I guess this is less a bug than a feature request geared toward security.

          I opened this up in GitHub, but was posting it here to have a wider discussion for those that don’t visit GitHub.

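An added example, not part of the original posts and not code from FOG or installfog.sh: a shell check that evaluates a vhost file's `SSLProtocol` directive and lists the versions below TLS 1.2 it leaves enabled, run on two constructed vhost files (the three SSL lines quoted above, then the same with the proposed line added). It assumes `all` covers SSLv3 through TLSv1.3 and that a vhost with no directive gets the Apache 2.4 default `all -SSLv3`; the function names are hypothetical.

```sh
# Added example (not FOG code): audit a vhost file's SSLProtocol directive.

# Assumption: "all" is modelled as these versions; the real set depends on
# the Apache and OpenSSL build. Names are matched case-sensitively.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

# Evaluate the first SSLProtocol directive in file $1 token by token:
# "-name" removes, "+name" adds, a bare name replaces the set so far.
# Assumption: with no directive, the Apache 2.4 default "all -SSLv3" applies
# and no server-wide SSLProtocol setting overrides it.
effective_protocols() (
    spec=$(awk 'tolower($1) == "sslprotocol" { $1 = ""; print; exit }' "$1")
    [ -n "$spec" ] || spec="all -SSLv3"
    enabled=""
    for tok in $spec; do
        names=${tok#[+-]}
        [ "$names" = all ] && names=$ALL_PROTOCOLS
        case $tok in [+-]*) ;; *) enabled="" ;; esac
        for p in $names; do
            kept=""
            for e in $enabled; do [ "$e" = "$p" ] || kept="$kept $e"; done
            case $tok in -*) enabled=$kept ;; *) enabled="$kept $p" ;; esac
        done
    done
    echo $enabled
)

# Print enabled versions older than TLS 1.2; return non-zero if any exist.
legacy_protocols() (
    found=""
    for p in $(effective_protocols "$1"); do
        case $p in SSLv3|TLSv1|TLSv1.1) found="$found $p" ;; esac
    done
    echo $found
    [ -z "$found" ]
)

# Constructed samples: the three SSL lines quoted in the thread, then the
# same file with the proposed SSLProtocol line appended.
write_samples() {
    printf '%s\n' 'SSLEngine on' 'SSLCertificateFile /path/to/cert' \
        'SSLCertificateKeyFile /path/to/private_key' > "$1/before.conf"
    { cat "$1/before.conf"
      echo 'SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1'; } > "$1/after.conf"
}

dir=$(mktemp -d) && write_samples "$dir"
for f in before after; do
    echo "$f: legacy=[$(legacy_protocols "$dir/$f.conf")]"
done
```

The non-zero return from `legacy_protocols` makes it usable as a gate in a post-install check. It reads the configuration only, so a handshake test against the running server is still needed to confirm what is actually negotiated.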
            Sebastian Roth Moderator

            @astrugatch Yeah, probably a good idea. We’d need to do extensive testing on this. E.g. iPXE boot, fog-client, storage nodes (php curl calls) and so on.

            PS: Moved to feature request.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            Copyright © 2012-2024 FOG Project