[checkmk-commits] [tribe29/checkmk] 2def61: Update Werk text

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 2def61975c0b42efcac0b3419230484fff135aaf https://github.com/tribe29/checkmk/commit/2def61975c0b42efcac0b3419230484ff… Author: Maximilian Wirtz &lt;maximilian.wirtz(a)tribe29.com&gt; Date: 2023-04-04 (Tue, 04 Apr 2023) Changed paths: M .werks/15069 Log Message: ----------- Update Werk text Clarify the affected versions and what this Werk actually does. CMK-12828 Change-Id: I2e42646615f48be7e854ee7dcc8bff4109a46831 (cherry picked from commit 8dbc1771508a9400763649e29adba0b75dcb4c5d) Commit: ff83a055253f6f54ea541729aab38b0b44b885a5 https://github.com/tribe29/checkmk/commit/ff83a055253f6f54ea541729aab38b0b4… Author: Maximilian Wirtz &lt;maximilian.wirtz(a)tribe29.com&gt; Date: 2023-04-04 (Tue, 04 Apr 2023) Changed paths: A .werks/15070 M omd/packages/stunnel/skel/etc/stunnel/server.conf Log Message: ----------- 15070 SEC Drop support for weak DH ciphers With this Werk two TLS ciphers are disabled from the <tt>stunnel</tt> configuration. <tt>stunnel</tt> is used when the <i>Encrypt communication</i> option in <i>Enable Livestatus access via network (TCP)</i> or <i>Notification Spooler Configuration</i> is used. To our knowledge no attacks on these ciphers are known, this is a hardening measure. We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). This CVSS is primarily meant to please automatic scanners. Diff to the pick: Set sslVersion to sslVersionMin, so we enable TLS1.3. Change-Id: I0a098eccc7a90cd62dc156819b09e90003cba2db Compare: https://github.com/tribe29/checkmk/compare/d2bcd2015d31...ff83a055253f