masterfiles icon indicating copy to clipboard operation
masterfiles copied to clipboard
verified publisher icon cfengine

ENT-9600: Fixed case where cf-apache on Enterprise Hubs was not re-/started ?

Open nickanderson opened this issue 3 years ago • 2 comments

We have seen cases where httpd is not starting or being re-started as expected, possibly as a result of function caching.

Ticket: ENT-9600 Changelog: Title

nickanderson avatar Nov 18 '22 14:11 nickanderson

Not sure if this PR helps, but with these changes PLUS removing SSLCompression off from the httpd.conf template makes things work on ubuntu-16! :)

  # TLS Compression should be disabled to avoid CRIME
  # https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929
# TODO: including this when our ssl library doesn't support??? breaks the config (ENT-9600 ubuntu-16 centos-7)
#  SSLCompression off

Not sure where we should go with this change. I added more specific notes in the ticket:

root@ubuntu1604:~# /var/cfengine/httpd/bin/httpd -t -f /var/cfengine/httpd/conf/httpd.conf.staged
AH00526: Syntax error on line 150 of /var/cfengine/httpd/conf/httpd.conf.staged:
Setting Compression mode unsupported; not implemented by the SSL library
root@ubuntu1604:~# sed -n '150p' /var/cfengine/httpd/conf/httpd.conf.staged
  SSLCompression off

craigcomstock avatar Nov 18 '22 23:11 craigcomstock

Perfect I think a better change is to adjust the https template accordingly. Plausibly that alone will resolve the issue.

nickanderson avatar Nov 18 '22 23:11 nickanderson

@craigcomstock The PR to supersede this one after our further discussion is https://github.com/cfengine/masterfiles/pull/2545

nickanderson avatar Nov 22 '22 14:11 nickanderson