Actions
Bug #27221
closedSSE encryption does not detect ssl termination in proxy
% Done:
0%
Source:
Tags:
sse proxy
Backport:
luminous mimic
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Requests using sse encryption are rejected if they aren't received over an ssl connection - but this does not account for cases where a proxy is performing ssl termination. When rgw_crypt_require_ssl is enabled (as by default), the 'Forwarded' and 'X-Forwarded-Proto' headers should be consulted when determining whether the connection is secure.
Updated by Casey Bodley over 5 years ago
- Status changed from New to 7
Updated by Casey Bodley over 5 years ago
- Status changed from 7 to Pending Backport
Updated by Patrick Donnelly over 5 years ago
- Copied to Backport #36644: luminous: SSE encryption does not detect ssl termination in proxy added
Updated by Patrick Donnelly over 5 years ago
- Copied to Backport #36645: mimic: SSE encryption does not detect ssl termination in proxy added
Updated by Nathan Cutler over 5 years ago
- Status changed from Pending Backport to Resolved
Updated by Casey Bodley 3 months ago
- Related to Feature #19246: rgw: use X-Forwarded-Proto header to determine original protocol under proxy added
Actions