perfsonar-user - Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant
Subject: perfSONAR User Q&A and Other Discussion
List archive
Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant
Chronological Thread
- From: Brent Draney <>
- To: Andrew Lake <>
- Cc:
- Subject: Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant
- Date: Tue, 5 Mar 2019 13:25:08 -0800
Thanks for adding this configuration path. We will make sure to take advantage of it.
We will also feed back the settings that make to pass the BOD tests so that others can
use it and it can be centrally documented.
Brent
On Mar 5, 2019, at 1:15 PM, Andrew Lake <> wrote:Hi Brent,You should be able to update the VirtualHost section /etc/httpd/conf.d/ssl.conf with the settings you want. They will be preserved between updates...which was not always true until a recent update. We re-shuffled the way perfSONAR manages SSL settings in the 4.1.5 release in December of last year specifically so users with this requirement could make the edits and not have them blasted every time we release a new version of perfSONAR.This may fall into the category of “too much information” but if you are wondering, the perfSONAR RPMs put a default set of SSL settings in /etc/httpd/conf.d/apache-perfsonar-security.conf. These match the Mozilla Intermediate compatibility recommendation (https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29) which are stronger than the Apache defaults but not as strong as the BOD. You can leave apache-perfsonar-security.conf alone since the RPM controls that. Anything the RPMs put there will get ignored in favor of your changes in the VirtualHost section of ssl.conf since the VirtualHost context takes precedence in Apache.Thanks,AndyOn March 5, 2019 at 3:04:07 PM, Brent Draney () wrote:
Hi All,
Federal gov web servers are under a Binding Operational Directive that requires us to convert to HTTPS with strong(er) cyphers
and turn on HSTS. Is there a version of PerfSonar that meets the requirements that anyone is aware of or has anyone modified
their local config to meet BD 18-01? The link below gives more information about the BOD.
Thanks,
Brent
https://pulse.cio.gov/https/domains/#q=w--
To unsubscribe from this list: https://lists.internet2.edu/sympa/signoff/perfsonar-user
- [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant, Brent Draney, 03/05/2019
- Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant, Alex Hsia, 03/05/2019
- Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant, Brent Draney, 03/05/2019
- Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant, Andrew Lake, 03/05/2019
- Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant, Brent Draney, 03/05/2019
- Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant, Alex Hsia, 03/05/2019
- Re: [perfsonar-user] Suggested config for PerfSonar to become BOD 18-01 compliant, Alex Hsia, 03/05/2019
Archive powered by MHonArc 2.6.19.