So for the newer releases of xCAT. That information is taken from the site
table xcatsslciphers attribute.
You would run not change xcatd but run the following:
chtab key=xcatsslciphers site.value='HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3'
Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102
"Blatt, Andrew C" <[email protected]> wrote on 10/30/2014
10:21:18 AM:
> From: "Blatt, Andrew C" <[email protected]>
> To: xCAT Users Mailing list <[email protected]>
> Date: 10/30/2014 10:47 AM
> Subject: Re: [xcat-user] Force xCAT to only use TLS
>
> I’m running an old version of xcat (2.6.9) and to resolve POODLE, I had
added:
>
> SSL_cipher_list=>'HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3',
>
> To the xcatd start_SSL perl code.
>
> From: Lissa Valletta [mailto:[email protected]]
> Sent: Thursday, October 30, 2014 10:15 AM
> To: xCAT Users Mailing list
> Subject: Re: [xcat-user] Force xCAT to only use TLS
>
> No there is no way to just use TLS, we use openssl to generate our
> credentials and secure our daemon to daemon communication. Can you
> not just disable sslV3 on the MN and service nodes, if you have them.
>
> disable SSLv3 in the HTTPD config:
> SSLProtocol All -SSLv2 -SSLv3
>
>
> Lissa K. Valletta
> 8-3/B10
> Poughkeepsie, NY 12601
> (tie 293) 433-3102
>
>
>
> [image removed] Phil Langerholc ---10/30/2014 09:48:32 AM---Hello,
> Is there a way to force xCAT to only use TLS vs sslV3? We have a
>
> From: Phil Langerholc <[email protected]>
> To: xCAT User List <[email protected]>
> Date: 10/30/2014 09:48 AM
> Subject: [xcat-user] Force xCAT to only use TLS
>
>
>
>
> Hello,
> Is there a way to force xCAT to only use TLS vs sslV3? We have a
> mandate to disable SSLV3 across the board due to POODLE and xCAT is
> being flagged.
>
> --
> ---Phil
>
>
>
------------------------------------------------------------------------------
> _______________________________________________
> xCAT-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/xcat-user
> This message, and any attachments, is for the intended recipient(s)
> only, may contain information that is privileged, confidential and/
> or proprietary and subject to important terms and conditions available at
> http://www.bankofamerica.com/emaildisclaimer. If you are not the
> intended recipient, please delete this message.
>
------------------------------------------------------------------------------
> _______________________________________________
> xCAT-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
