Hello,
Is it possible to harden the default setting for the opsiconfd web service (port 4447)? Like remove support for TLS 1.0 and disable RC4 cipher suites.
Can that be configured and can the opsiclient support that?
Regards
S
Harden opsiconfd? (disable TLS 1.0 and RC4 ciphers)
- n.wenselowski
- Ex-uib-Team
- Posts: 3194
- Registered: 04 Apr 2013, 12:15
Re: Harden opsiconfd? (disable TLS 1.0 and RC4 ciphers)
shade wrote: Is it possible to harden the default setting for the opsiconfd web service (port 4447)? Like remove support for TLS 1.0 and disable RC4 cipher suites.
Hi S,
opsiconfd has an option accepted ciphers in its config file that can be used to limit the ciphers that are accepted for the communication. There should be some examples in our forums already.
As for TLS, we go with whatever the server has available, and there currently isn't any configuration possible on that side. I took the somewhat lazy route that the OS lib probably will drop whatever is insecure sooner or later, as my last looks at that showed that it wasn't as straightforward to implement as I'd like it to be. Would you think that being able to configure the allowed TLS version would be useful anyway?
Kind regards
Niko
import OPSI
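Before a value goes into the accepted ciphers option mentioned in the reply above, it can be expanded locally to see which suites it would actually enable. This is an added example, not code from the thread or from opsi; it assumes the option takes an OpenSSL cipher-list string, and the `CANDIDATE` string and the `WEAK_MARKERS` policy are constructed for illustration.

```python
import ssl

# Assumed policy for this sketch: RC4 (from the thread) plus the usual
# null, export, MD5 and DES/3DES families count as weak.
WEAK_MARKERS = ("RC4", "NULL", "EXP", "MD5", "DES")

# Constructed candidate value in OpenSSL cipher-list syntax.
CANDIDATE = "HIGH:!aNULL:!eNULL:!RC4:!3DES:!MD5"


def is_weak(suite_name):
    """True if the OpenSSL suite name contains one of the weak markers."""
    return any(marker in suite_name.upper() for marker in WEAK_MARKERS)


def expand(cipher_string):
    """Return [(suite, protocol)] that the local OpenSSL enables for the string.

    An empty list means the string selects nothing in this OpenSSL build,
    which would leave the service with no usable suite.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def weak_suites(cipher_string):
    """Sorted names of weak suites that the string would still allow."""
    return sorted(name for name, _ in expand(cipher_string) if is_weak(name))


if __name__ == "__main__":
    for name, protocol in expand(CANDIDATE):
        print(f"{protocol:8} {name}")
    leftovers = weak_suites(CANDIDATE)
    print("weak suites still enabled:", leftovers or "none")
```

The result reflects the OpenSSL build of the machine it runs on, so run it on the host that serves opsiconfd.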