Use only TLSv1 and greater to depoodle

The POODLE SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our Apache vhost configs.

Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
Clark Boylan 4 years ago
commit 7e63b0ed57
1 changed files with 1 additions and 0 deletions
templates/vhost.erb

@@ -19,6 +19,7 @@
19 19
   CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
20 20
 
21 21
   SSLEngine on
22
+  SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
22 23
   SSLCertificateFile      <%= scope.lookupvar("openstackid::ssl_cert_file") %>
23 24
   SSLCertificateKeyFile   <%= scope.lookupvar("openstackid::ssl_key_file") %>
24 25
 <% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
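
Review bot: the added `SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2` line (new line 22) turns SSLv3 off only by omission, so nothing in the vhost says that the exclusion is deliberate. Consider `SSLProtocol all -SSLv3`, which names the protocol being dropped and keeps working unchanged when a newer TLS version becomes available. The `TLSv1.1` and `TLSv1.2` keywords are also only accepted by mod_ssl builds linked against OpenSSL 1.0.1 or later, so on an older host this template would fail the Apache config check; it is worth confirming the target platform or stating the requirement in the commit message. A one-line comment above the directive pointing at POODLE would help the next person who edits this file.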