Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsafe 3DES Cipher Suite im FHIR Proxy #117

Closed
UKFr-DIZ opened this issue Oct 11, 2023 · 1 comment · Fixed by #123, #129 or #130
Closed

Unsafe 3DES Cipher Suite im FHIR Proxy #117

UKFr-DIZ opened this issue Oct 11, 2023 · 1 comment · Fixed by #123, #129 or #130
Assignees
@hhund
Labels
enhancement New feature or request ready for release Issue is fixed and merged into develop, ready for next release
Milestone
1.3.1

Comments

@UKFr-DIZ
Copy link

UKFr-DIZ commented Oct 11, 2023
edited
Loading

Hi,

I've been informed by our security team that we are still supporting an insecure cipher suite. They directed me to the standards at https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices.

After reviewing, I noticed that a 3DES cipher suite is still being supported, which should be removed according to the best practice recommendations.

As a result, I suggest removing this cipher suite from the ssl.conf. Please refer to the SSLCipherSuite and SSLProxyCipherSuite directives.

Source:

dsf/dsf-docker/fhir_proxy/conf/extra/httpd-ssl.conf

Line 68 in 74eb4d7

SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:AES128-SHA:DES-CBC3-SHA

Best regards,
Nam
@schwzr
Copy link
Member

schwzr commented Oct 11, 2023

Suggestion of which cipher suites to support:

https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1k&guideline=5.7

@hhund hhund added this to the 1.3.1 milestone Oct 11, 2023
@hhund hhund self-assigned this Oct 11, 2023
@hhund hhund mentioned this issue Oct 16, 2023
Merged
@hhund hhund linked a pull request Oct 16, 2023 that will close this issue
Issues/117 118 cipher suites web UI #123
Merged
@hhund hhund added the enhancement New feature or request label Oct 16, 2023
@hhund hhund added the ready for release Issue is fixed and merged into develop, ready for next release label Oct 29, 2023
@hhund hhund linked a pull request Oct 31, 2023 that will close this issue
Issues/117 118 cipher suites web UI #129
Merged
@hhund hhund mentioned this issue Oct 31, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hhund hhund

Labels
enhancement New feature or request ready for release Issue is fixed and merged into develop, ready for next release
Projects
None yet
Milestone
1.3.1
3 participants
@schwzr @hhund @UKFr-DIZ