Branch: refs/heads/2.0.0
Home:
https://github.com/tribe29/checkmk
Commit: 2def61975c0b42efcac0b3419230484fff135aaf
https://github.com/tribe29/checkmk/commit/2def61975c0b42efcac0b3419230484ff…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2023-04-04 (Tue, 04 Apr 2023)
Changed paths:
M .werks/15069
Log Message:
-----------
Update Werk text
Clarify the affected versions and what this Werk actually does.
CMK-12828
Change-Id: I2e42646615f48be7e854ee7dcc8bff4109a46831
(cherry picked from commit 8dbc1771508a9400763649e29adba0b75dcb4c5d)
Commit: ff83a055253f6f54ea541729aab38b0b44b885a5
https://github.com/tribe29/checkmk/commit/ff83a055253f6f54ea541729aab38b0b4…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2023-04-04 (Tue, 04 Apr 2023)
Changed paths:
A .werks/15070
M omd/packages/stunnel/skel/etc/stunnel/server.conf
Log Message:
-----------
15070 SEC Drop support for weak DH ciphers
With this Werk two TLS ciphers are disabled from the <tt>stunnel</tt>
configuration.
<tt>stunnel</tt> is used when the <i>Encrypt communication</i>
option in <i>Enable Livestatus access via network (TCP)</i> or
<i>Notification Spooler Configuration</i> is used.
To our knowledge no attacks on these ciphers are known, this is a hardening measure.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). This
CVSS is primarily meant to please automatic scanners.
Diff to the pick:
Set sslVersion to sslVersionMin, so we enable TLS1.3.
Change-Id: I0a098eccc7a90cd62dc156819b09e90003cba2db
Compare:
https://github.com/tribe29/checkmk/compare/d2bcd2015d31...ff83a055253f