489b7ba022
* Prefer the ECDHE + AESGCM cipher suites first, these represent the best performance and the best security.
* Then, prefer the DH + AESGCM, these are equivalent to the first in terms of security, however they are slower.
* Then, we'll prefer any AES cipher that supports PFS, sorting by strength, then performance.
* Then we'll prefer any non-PFS cipher, with AESGCM first, but finally any other non-PFS cipher.
* We then exclude any AES256 ciphers, we exclude them here instead of just not mentioning them so that they can be re-enabled simply by removing the !AES256. We exclude them because they are not meaningfully more secure than AES128, however they are slower.
* We then exclude !aNULL, this is needed because we're not manually specifying every cipher by name, and we're not specifying any authentication. This will ensure that no matter what we'll always have *some* authentication.
* We then exclude !eNULL, this isn't really needed since all of our included ciphers have encryption specified. It exists primarily for symmetry with !aNULL.
* We then exclude !MD5, much like !aNULL this is done because we don't specify a digest anywhere, so we want to make sure we don't support MD5.
* Finally we exclude DSS, PSK, and SRP. These are just to make debugging the list easier. It's basically impossible to get a DSS certificate issued instead of an RSA certificate and nobody really uses PSK or SRP.

This will drop support for IE8 on Windows XP, essentially dropping support for all versions of IE on Windows XP. Windows XP users would need to use Firefox or Chrome to use the service.

Change-Id: I4744a6f42b8f7ab4a4b41ad856ecaa424d8ce3fc

| | | |
---|---|---|
files | ||
manifests | ||
templates | ||
.gitreview | ||
LICENSE | ||
README.md | ||
Rakefile | ||
metadata.json |
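One way to check a cipher string against the ordering and exclusions the commit message above describes, by letting the local OpenSSL expand it through Python's `ssl` module. This is an added example, not code from the commit or the project; the cipher string is constructed from the message's wording (an assumption) and the suites listed depend on the local OpenSSL build.

```python
import ssl

# Constructed from the commit message's wording (assumption); the string the
# commit actually sets is not shown on this page and may differ.
PREFERRED = "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES:DHE+AES:RSA+AESGCM:RSA+AES"
EXCLUDED = "!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP"

# Suite-name components the exclusions are meant to keep out of the final list.
BANNED_TOKENS = {"AES256", "ADH", "AECDH", "NULL", "MD5", "DSS", "PSK", "SRP"}


def expand(cipher_string):
    """Return the TLS 1.2-and-older suite names the local OpenSSL selects, in order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites (TLS_*) are not controlled by this string; skip them.
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]


def audit(cipher_string):
    """Return a list of policy violations; an empty list means compliant."""
    names = expand(cipher_string)
    if not names:
        return ["no TLS 1.2-or-older suites selected"]
    problems = []
    if not names[0].startswith("ECDHE-") or "GCM" not in names[0]:
        problems.append(f"{names[0]}: first suite is not ECDHE with AES-GCM")
    seen_non_pfs = False
    for name in names:
        for bad in sorted(set(name.split("-")) & BANNED_TOKENS):
            problems.append(f"{name}: excluded component {bad}")
        pfs = name.startswith(("ECDHE-", "DHE-"))
        if pfs and seen_non_pfs:
            problems.append(f"{name}: PFS suite ranked below a non-PFS suite")
        seen_non_pfs = seen_non_pfs or not pfs
    return problems


if __name__ == "__main__":
    for label, spec in (("with exclusions", f"{PREFERRED}:{EXCLUDED}"),
                        ("without exclusions", PREFERRED)):
        print(f"{label}: {len(expand(spec))} suites")
        for problem in audit(spec):
            print("  ", problem)
```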
README.md
OpenStack OpenStackId
OpenStackId is a single-sign-on service integrated with the openstack.org profile database. It provides OpenID and OAuth2 authentication for third-party applications.
Quick Start
```puppet
# Example values only; replace the placeholder passwords before deploying.
class { 'openstackid':
  site_admin_password      => 'adminpass',
  # openstackid application database
  id_mysql_host            => 'localhost',
  id_mysql_user            => 'openstackid',
  id_mysql_password        => 'password',
  id_db_name               => 'openstackid',
  # membership database
  ss_mysql_host            => 'localhost',
  ss_mysql_user            => 'openstackid',
  ss_mysql_password        => 'password',
  # unquoted so the variable is passed, not the literal string '$ss_db_name'
  ss_db_name               => $ss_db_name,
  # redis settings
  redis_port               => '6378',
  redis_host               => '127.0.0.1',
  redis_password           => 'password',
  # recaptcha service keys
  id_recaptcha_public_key  => $id_recaptcha_public_key,
  id_recaptcha_private_key => $id_recaptcha_private_key,
  id_recaptcha_template    => $id_recaptcha_template,
  # logging
  id_log_error_to_email    => $id_log_error_to_email,
  id_log_error_from_email  => $id_log_error_from_email,
  # laravel environment settings
  id_environment           => 'dev',
  # ssl configuration
  ssl_cert_file            => "/etc/ssl/certs/${::fqdn}.pem",
  ssl_key_file             => "/etc/ssl/private/${::fqdn}.key",
  ssl_chain_file           => '/etc/ssl/certs/intermediate.pem',
  ssl_cert_file_contents   => $ssl_cert_file_contents,
  ssl_key_file_contents    => $ssl_key_file_contents,
  ssl_chain_file_contents  => $ssl_chain_file_contents,
  # release to deploy
  openstackid_release      => '1.0.2',
}
```