
Harden opsiconfd? (disable TLS 1.0 and RC4 ciphers)

Posted: 15 May 2018, 17:46
by shade
Hello,

Is it possible to harden the default setting for the opsiconfd web service (port 4447)? Like remove support for TLS 1.0 and disable RC4 cipher suites.

Can that be configured and can the opsiclient support that?

Regards
S

Re: Harden opsiconfd? (disable TLS 1.0 and RC4 ciphers)

Posted: 05 Jun 2018, 17:12
by n.wenselowski
Hi S,
shade wrote: Is it possible to harden the default setting for the opsiconfd web service (port 4447)? Like remove support for TLS 1.0 and disable RC4 cipher suites.
opsiconfd has an option accepted ciphers in its config file that can be used to limit the ciphers that are accepted for the communication. There should be some examples in our forums already.
As for TLS we go with whatever the server has available and there currently isn't any configuration possible on that side. I took the somewhat lazy route that the OS lib probably will drop whatever is insecure sooner or later, as my last looks at that showed that it wasn't as straightforward to implement as I'd like it to be. Would you think that being able to configure the allowed TLS version would be useful anyway?


Kind regards

Niko
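
An added example, not from the thread and not opsiconfd's own code: a Python check that expands a candidate cipher string with the local OpenSSL build and lists any suites a hardened service should not offer, RC4 included. It assumes the accepted ciphers value uses OpenSSL cipher-list syntax; the function names and the sample strings are constructed for illustration.

```python
import ssl

# Substrings of OpenSSL suite names that mark suites to keep out of a
# hardened configuration: RC4, single DES and 3DES (DES-CBC3), NULL
# encryption, export-grade, MD5 MACs, anonymous key exchange.
WEAK_MARKERS = ("RC4", "DES-CBC", "NULL", "EXP", "MD5", "ADH", "AECDH")


def weak_suites(names):
    """Return the suite names from `names` that contain a weak marker."""
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]


def expand_cipher_string(spec):
    """Return the suite names the local OpenSSL enables for `spec`.

    Raises ValueError when the string selects no usable suite, which is
    what a typo in the configuration value would produce.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError as exc:
        raise ValueError(f"cipher string selects nothing: {spec!r}") from exc
    return [c["name"] for c in ctx.get_ciphers()]


def audit_cipher_string(spec):
    """Expand `spec` and report which of the enabled suites are weak."""
    enabled = expand_cipher_string(spec)
    return {"spec": spec, "enabled": enabled, "weak": weak_suites(enabled)}


# Constructed candidate value (assumption: OpenSSL cipher-list syntax).
HARDENED = "HIGH:!aNULL:!eNULL:!RC4:!3DES:!MD5"

if __name__ == "__main__":
    report = audit_cipher_string(HARDENED)
    print(f"{len(report['enabled'])} suites enabled for {report['spec']}")
    for name in report["weak"]:
        print("WEAK:", name)
    if not report["weak"]:
        print("no RC4, DES/3DES, NULL, export, MD5 or anonymous suites")
```

The result reflects the OpenSSL build on the machine running the check, so run it on the host that serves port 4447. It covers the cipher list only, not the TLS protocol version.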