Use only TLSv1 and greater to depoodle
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3. Switch to TLS everywhere in our apache vhost configs. Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
This commit is contained in:
parent
3f62b1cafd
commit
7e63b0ed57
|
@ -19,6 +19,7 @@
|
||||||
CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
|
CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
|
||||||
|
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
|
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
||||||
SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
|
SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
|
||||||
SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
|
SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
|
||||||
<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
|
<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
|
||||||
|
|
Loading…
Reference in New Issue