Use only TLSv1 and greater to depoodle

The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.

Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
Clark Boylan 2014-10-14 17:07:06 -07:00
parent 3f62b1cafd
commit 7e63b0ed57
1 changed files with 1 additions and 0 deletions

@ -19,6 +19,7 @@
CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %> SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %> SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %> <% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
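
Review bot: The added `SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2` line has no comment explaining why SSLv3 is excluded, and it enumerates the allowed versions instead of subtracting the bad one, so any later TLS version must be added by hand. Consider `SSLProtocol all -SSLv2 -SSLv3` with a one-line comment naming POODLE, which states the intent directly. Please also confirm that the mod_ssl build on the target hosts accepts the `TLSv1.1` and `TLSv1.2` tokens, since a build that does not recognise them would fail to load this vhost. Finally, the commit message says "everywhere in our apache vhost configs" while only one file changes; if other vhost templates exist they need the same directive, otherwise the message should be narrowed to this vhost.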