Kibana CAS after SSLv3 POODLE #46
Description
I set up Kibana several months ago using SSLv3. With the recent POODLE attack, my systems have shut off SSLv3, and everything is using TLS. To have Kibana auto-negotiate to TLS, I added the following options to the validatePathName object in jcas.js:
secureProtocol: 'SSLv23_method',
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv3 ,
This doesn't seem to help though, and I continue to get a timeout and 500 error returned only after reaching the ticket validation step through CAS over https. I also tried adding global https variables to app.js (#33) for TLS, and added specific cipher orders in jcas.js. I upgraded node.js to the current stable version as well.
Am I missing a setting or hack that would allow me to return validation from an independent CAS sever over TLS? Is there a standard setting for dealing with SSLv3 post POODLE?