Browse Source

Use the SSLProtocol blacklist approach

It turns out that specifying the ciphers we want to use leads to
breakage.  So instead we'll explicitly tell Apache which ciphers
we don't want to use.

Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
changes/70/150870/1
Timothy Chavez 4 years ago
parent
commit
70b9326528
1 changed files with 1 additions and 1 deletions
  1. 1
    1
      templates/vhost.erb

+ 1
- 1
templates/vhost.erb View File

@@ -19,7 +19,7 @@
19 19
   CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
20 20
 
21 21
   SSLEngine on
22
-  SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
22
+  SSLProtocol All -SSLv2 -SSLv3
23 23
   SSLCertificateFile      <%= scope.lookupvar("openstackid::ssl_cert_file") %>
24 24
   SSLCertificateKeyFile   <%= scope.lookupvar("openstackid::ssl_key_file") %>
25 25
 <% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>

Loading…
Cancel
Save