18 lines
853 B
YAML
18 lines
853 B
YAML
---
|
|
other:
|
|
- |
|
|
A new pair of ``ssl_ciphers`` and ``ssl_minimum_version`` configuration
|
|
options have been introduced for use by the ``nova-novncproxy``,
|
|
``nova-serialproxy``, and ``nova-spicehtml5proxy`` services. These new
|
|
options allow one to configure the allowed TLS ciphers and minimum protocol
|
|
version to enforce for incoming client connections to the proxy services.
|
|
|
|
This aims to address the issues reported in `bug 1842149`_, where it
|
|
describes that the proxy services can inherit insecure TLS ciphers
|
|
and protocol versions from the compiled-in defaults of the OpenSSL
|
|
library on the underlying system. The proxy services provided no way
|
|
to override such insecure defaults with current day generally accepted
|
|
secure TLS settings.
|
|
|
|
.. _bug 1842149: https://bugs.launchpad.net/nova/+bug/1842149
|