[Bug 974763] New: Disable SSLv3 in Monit
http://bugzilla.opensuse.org/show_bug.cgi?id=974763 Bug ID: 974763 Summary: Disable SSLv3 in Monit Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: x86-64 OS: openSUSE 42.1 Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: jmutkawoa@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 672273 --> http://bugzilla.opensuse.org/attachment.cgi?id=672273&action=edit Disable SSLV3 According to the RFC 7568, SSLv3 is no longer consider secure. Ref: https://tools.ietf.org/html/rfc7568 This Patch allows Monit to be build without SSLV3 enabled. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c1
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c2
--- Comment #2 from David Liedke
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c9
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c10
Lars Vogdt
Lars, you accepted the factory subbmission. Could you also review the backport into Maintenance SR#387933?
I'm unsure if the provided patch alone with disable SSLv3 completely as I did not see where "OPENSSL_NO_SSL3" is defined before. David: can you enlighten me here? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c11
--- Comment #11 from Loganaden Velvindron
(In reply to Andreas Stieger from comment #9)
Lars, you accepted the factory subbmission. Could you also review the backport into Maintenance SR#387933?
I'm unsure if the provided patch alone with disable SSLv3 completely as I did not see where "OPENSSL_NO_SSL3" is defined before.
David: can you enlighten me here?
OpenSSL is compiled with no-ssl3 since 2015: Fri Jun 26 00:11:20 UTC 2015 - crrodriguez@opensuse.org - Build with no-ssl3, for details on why this is needed read rfc7568. According to https://wiki.openssl.org/index.php/Compilation_and_Installation: no-ssl3 Disables SSLv3. OPENSSL_NO_SSL3 will be defined in the OpenSSL headers. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c12
Lars Vogdt
OpenSSL is compiled with no-ssl3 since 2015:
Fri Jun 26 00:11:20 UTC 2015 - crrodriguez@opensuse.org
- Build with no-ssl3, for details on why this is needed read rfc7568.
According to https://wiki.openssl.org/index.php/Compilation_and_Installation:
no-ssl3 Disables SSLv3. OPENSSL_NO_SSL3 will be defined in the OpenSSL headers.
Perfect, thanks! That closes my current brain gap :-) Andreas, I assume this also answers your question in comment #9. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c13
--- Comment #13 from Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c16
--- Comment #16 from jaykishan mutkawoa
(In reply to jaykishan mutkawoa from comment #14)
(In reply to Andreas Stieger from comment #13)
It does but could a maintainer of server:monitoring / monit please accept the review https://build.opensuse.org/request/show/387933 ?
I am willing to take over the maintainability tasks of Monit in OpenSUSE as i am actively using it whether on Production or staging environments. Can you let me know what are the steps to be taken please?
See https://en.opensuse.org/openSUSE: How_to_contribute_to_Factory#How_to_become_a_maintainer_of_a_package_in_Facto ry https://en.opensuse.org/openSUSE:Duties_and_rights_of_a_Factory_maintainer
Thank you for the Links. Here is the request made. ref https://build.opensuse.org/request/show/391887 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c17
Dominique Leuenberger
See https://en.opensuse.org/openSUSE: How_to_contribute_to_Factory#How_to_become_a_maintainer_of_a_package_in_Facto ry https://en.opensuse.org/openSUSE:Duties_and_rights_of_a_Factory_maintainer
Thank you for the Links. Here is the request made. ref https://build.opensuse.org/request/show/391887
FYI: For lack of currently active maintainers on this package I approved this maintainership request -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c18
--- Comment #18 from jaykishan mutkawoa
http://bugzilla.opensuse.org/show_bug.cgi?id=974763
http://bugzilla.opensuse.org/show_bug.cgi?id=974763#c19
Andreas Stieger
participants (1)
-
bugzilla_noreply@novell.com