Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extra ssl options to harden rabbitmq listener #547

Merged
merged 1 commit into from
Aug 10, 2017
Merged

Extra ssl options to harden rabbitmq listener #547

merged 1 commit into from
Aug 10, 2017

Conversation

xepa
Copy link
Contributor

@xepa xepa commented Jun 8, 2017

This patch adds the following options to the ssl config to harden the rabbitmq ssl setup

  • ssl_secure_renegotiate (boolean default true)
  • ssl_reuse_sessions (boolean default true)
  • ssl_honor_cipher_order (boolean default true)
  • ssl_dhfile (string default empty)

@xepa
This patch adds the following options to the ssl config to harden the…
7b5afa9 
… rabbitmq ssl setup

ssl_secure_renegotiate (boolean default true)
ssl_reuse_sessions (boolean default true)
ssl_honor_cipher_order (boolean default true)
ssl_dhfile (string default empty)
@hunner
Copy link
Member

hunner commented Aug 10, 2017

This PR will cause every user to get ssl_secure_renegotiate, ssl_reuse_sessions, and ssl_honor_cipher_order added to their configuration. This seems like a breaking change; what do you think?

@hunner hunner merged commit 7b5afa9 into voxpupuli:master Aug 10, 2017
hunner added a commit that referenced this pull request Aug 10, 2017
@hunner
Merge pull request #547 from xepa/feature/extra_ssl_options
2b2c4ac 
Extra ssl options to harden rabbitmq listener
@hunner
Copy link
Member

hunner commented Aug 10, 2017

http://erlang.org/doc/man/ssl.html#id61579 documents that at least two of these default to false in erlang.

hunner added a commit that referenced this pull request Aug 10, 2017
@hunner
Revert "Merge pull request #547 from xepa/feature/extra_ssl_options"
58cb3a6 
This reverts commit 2b2c4ac, reversing
changes made to 0af454f.
@hunner
Copy link
Member

hunner commented Aug 10, 2017

I merged this by accident, and it looks like there is no way to reopen it :. Sorry, but could you resubmit?

@wyardley wyardley added the enhancement New feature or request label Sep 5, 2017
Slm0n87 pushed a commit to Slm0n87/puppet-rabbitmq that referenced this pull request Mar 7, 2019
@hunner
Merge pull request voxpupuli#547 from xepa/feature/extra_ssl_options
dc7e43e 
Extra ssl options to harden rabbitmq listener
Slm0n87 pushed a commit to Slm0n87/puppet-rabbitmq that referenced this pull request Mar 7, 2019
@hunner
Revert "Merge pull request voxpupuli#547 from xepa/feature/extra_ssl_…
6088b98 
…options"

This reverts commit 2b2c4ac, reversing
changes made to 0af454f.
cegeka-jenkins pushed a commit to cegeka/puppet-rabbitmq that referenced this pull request Mar 26, 2021
@hunner
Merge pull request voxpupuli#547 from xepa/feature/extra_ssl_options
7b296a5 
Extra ssl options to harden rabbitmq listener
cegeka-jenkins pushed a commit to cegeka/puppet-rabbitmq that referenced this pull request Mar 26, 2021
@hunner
Revert "Merge pull request voxpupuli#547 from xepa/feature/extra_ssl_…
c178477 
…options"

This reverts commit 2b2c4ac, reversing
changes made to 0af454f.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xepa @hunner @wyardley