Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-11068

apache : ssl_honorcipherorder neither default nor 'true' work in vhost

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: apache
    • Labels:
      None
    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: v6.0.0
      Puppet Version: 5.5.10
      OS Name/Version: Debian 10.9

      Describe your issue in as much detail as possible...

      Desired Behavior:

      1. ssl_honorcipherorder default in vhost is On as documented, or documentation is changed.
      2. ssl_honorcipherorder in vhost works with booleans as documented.

      Actual Behavior:

      vhost parameter ssl_honorcipherorder claims that true is the default, indeed it looks that way in the class parameters. However nothing appears in the vhost output unless you explicitly set it.

      I assume it's something to do with the funky code in ssl.pp that is trying to make it accept both 'On'/'Off' and true/false. It may also be that the template needs to use the _ prefixed variable instead, but I can't understand this well enough to propose a fix.

      It also doesn't work with a boolean true as documented (it emits 'true' to the apache config instead of 'On', which makes Apache fail to start). I think it needs to use apache::bool2httpd. (It should indeed accept booleans to be compatible with all the other parameters, like ssl_stapling)

       

        Attachments

          Activity

            People

            Assignee:
            david.schmitt David Schmitt
            Reporter:
            davidc davidc
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support