- Issued:
- 2018-11-05
- Updated:
- 2018-11-05
RHEA-2018:3492 - Enable setting SSL ciphers and SSL options
Synopsis
Enable setting SSL ciphers and SSL options
Type/Severity
Product Enhancement Advisory None
Topic
The change adds two options to WebSockifyServer. The first is a list of SSL ciphers. The second is SSL options (intended use is to force a specific TLS version).
Description
The python-websockify package is a Python Web Server Gateway Interface based adapter for the Websockets protocol. It forwards traffic between the client and guest, and enables users to connect to virtual machines using SPICE-HTML5 and noVNC consoles.
All Red Hat Enterprise Virtualization users who wish to use a websocket proxy for web-based console client access are advised to install this new python-websockify package.
Default configuration allows old and potentially insecure ciphers to be used. Passing SSL options and SSL ciphers prevents using outdated TLS versions as well as allows limiting the list of ciphers.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Virtualization | 4 | x86_64 |
| Red Hat Virtualization Manager | 4 | x86_64 |
Updated Packages
- python-websockify-0.8.0-3.el7.noarch.rpm
- python-websockify-0.8.0-3.el7.src.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.