OpenStack Controllers have vulnerability SSL Medium Strength Cipher Suites Supported (SWEET32)

Solution In Progress - Updated -

Issue

  • Our InfoSec team is requesting to remove the Medium Strength Ciphers

  • We're trying to set :

  controllerExtraConfig:
    tripleo::haproxy::ssl_cipher_suite: '!SSLv2:kEECDH:kRSA:kEDH:kPSK:!3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES'

but we always see the default value in /etc/haproxy/haproxy.cfg:

!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES

Environment

  • Red Hat OpenStack Platform 10.0 (RHOSP)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In