author | Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2021-05-19 13:28:03 +0300 |
---|---|---|
committer | Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2021-05-24 16:38:40 +0300 |
commit | a0bcbd873a067958da13aa881446913ba6c83762 (patch) | |
tree | 0130bc974b00a338d20ba0e6223c613f180e372c | |
parent | ebf1d1e6045b066431c78a44e250e051ac0361ed (diff) | |
Forbid redirection of https resources
Due to security reasons (by security researcher recommendation) remote
source redirections shouldn't be allowed in order to disallow connection
downgrading
Tested:
Tested with python server script forcing redirection
Change-Id: Ia68884dbcc399abc685dcbcf4e205aa62356478f
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
-rw-r--r-- | src/state/activating_state.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/state/activating_state.cpp b/src/state/activating_state.cpp index b76ef12..6cf9f68 100644 --- a/src/state/activating_state.cpp +++ b/src/state/activating_state.cpp @@ -266,6 +266,7 @@ std::unique_ptr<resource::Process> // custom OpenBMC path for CA "capath=/etc/ssl/certs/authority", "ssl-version=tlsv1.2", + "followlocation=false", "ssl-cipher-list=ALL:!eNULL:!aNULL:" "!AES256-GCM-SHA384:!AES128-GCM-SHA256:" "!AES256-SHA256:!AES128-SHA256"}; |
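Review bot: the added `"followlocation=false",` entry has no comment explaining why it is there, while the capath entry just above it does (`// custom OpenBMC path for CA`). A one-line comment saying that redirects are refused so an https source cannot be redirected onto a downgraded connection would keep the option from being removed later as apparently redundant. The commit message mentions a python server script forcing redirection, but the diffstat shows only src/state/activating_state.cpp changed, so that check is not in the tree; consider adding it as a regression test. It would also help to state in the commit message or the docs what the user sees when a source answers with a redirect, since such a mount presumably now fails where it previously succeeded.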