kibana-authentication-proxy

Kibana CAS after SSLv3 POODLE

Open td-edge opened this issue 10 years ago • 1 comments

I set up Kibana several months ago using SSLv3. With the recent POODLE attack, my systems have shut off SSLv3, and everything is using TLS. To have Kibana auto-negotiate to TLS, I added the following options to the validatePathName object in jcas.js:

secureProtocol: 'SSLv23_method',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv3,

This doesn't seem to help though, and I continue to get a timeout and 500 error returned only after reaching the ticket validation step through CAS over https. I also tried adding global https variables to app.js (https://github.com/fangli/kibana-authentication-proxy/issues/33) for TLS, and added specific cipher orders in jcas.js. I upgraded node.js to the current stable version as well.

Am I missing a setting or hack that would allow me to return validation from an independent CAS server over TLS? Is there a standard setting for dealing with SSLv3 post-POODLE?

td-edge, Dec 03 '14 18:12

jcas.js

  • require 'tls'
  • No SSLv3 | SSLv2
  • option method SSLv23
<Set name="ExcludeProtocols">
   <Array type="java.lang.String">
      <Item>SSLv3</Item>
   </Array>
</Set>

td-edge, Jun 30 '15 21:06
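The client-side settings discussed in this thread, as an added example that is not part of the original posts or of the project's jcas.js: it builds `https.request()` options for a CAS ticket-validation call that negotiates TLS and excludes SSLv2/SSLv3, and checks offline that the local Node/OpenSSL build accepts them. The function names, the `/serviceValidate` path (the CAS 2.0 endpoint) and the `example.test` hosts are assumptions made for illustration.

```javascript
// Added example (not the project's code): TLS-only options for CAS validation.
const { constants } = require('crypto');
const tls = require('tls');

// Same option names as in the issue. 'SSLv23_method' is OpenSSL's
// version-negotiating method; the NO_* flags remove the SSL versions.
// Two different flags are ORed here: ORing SSL_OP_NO_SSLv3 with itself
// sets only that one bit.
function tlsOnlyOptions() {
  return {
    secureProtocol: 'SSLv23_method',
    secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3,
  };
}

// Build request options for validating a ticket against a CAS server.
// '/serviceValidate' is an assumption about the deployment.
function casValidateRequest(casBase, serviceUrl, ticket) {
  const u = new URL(casBase);
  if (u.protocol !== 'https:') throw new Error('CAS validation must use https');
  const query = new URLSearchParams({ service: serviceUrl, ticket: ticket });
  return Object.assign({
    host: u.hostname,
    port: u.port || 443,
    path: u.pathname.replace(/\/$/, '') + '/serviceValidate?' + query,
    method: 'GET',
    rejectUnauthorized: true, // keep certificate verification on
  }, tlsOnlyOptions());
}

// True when the options carry the "no SSLv3" bit.
function sslv3Disabled(opts) {
  return (opts.secureOptions & constants.SSL_OP_NO_SSLv3) !== 0;
}

// Offline check: true if this Node/OpenSSL build accepts the settings.
function contextBuilds(opts) {
  try {
    tls.createSecureContext({
      secureProtocol: opts.secureProtocol,
      secureOptions: opts.secureOptions,
    });
    return true;
  } catch (err) {
    return false;
  }
}

// Constructed sample values, for illustration only.
const sampleRequest = casValidateRequest(
  'https://cas.example.test/cas', 'https://kibana.example.test/', 'ST-1-constructed');
console.log(sampleRequest.path, sslv3Disabled(sampleRequest), contextBuilds(sampleRequest));
```
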