[Openstack-security] [Bug 1404862] Re: Horizon SSL configuration vulnerable
Kevin Carter
kevin.carter at rackspace.com
Fri May 8 19:09:27 UTC 2015
** Changed in: openstack-ansible
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1404862
Title:
Horizon SSL configuration vulnerable
Status in Ansible playbooks for deploying OpenStack:
Fix Released
Status in openstack-ansible icehouse series:
Fix Released
Status in openstack-ansible juno series:
Fix Released
Bug description:
Currently the Apache configuration for Horizon is very simple and
therefore vulnerable to various forms of SSL and TLS attack vectors.
The Qualys SSL test on the default setup results in a C grading. In
order to ensure that best practices are implemented and anyone using
os-ansible-deployment has a secure by default setup, this needs to be
addressed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1404862/+subscriptions
More information about the Openstack-security
mailing list