openstack/octavia
Code Issues Proposed changes
3d0486a7f3
octavia/releasenotes/notes/add-default-ciphers-2eb70b34290711be.yaml
Dawson Coleman cd176e55c5 Add ability to set TLS cipher list for listeners 
Listeners will now be able to each be assigned their own OpenSSL
cipher string with a new field: tls_ciphers.  There is also a new
configuration option, default_listener_ciphers, which specifies the
cipher string to assign to new listeners when one is not explicitly
specified.

Change-Id: I77da6f14063877af0077f2c12df1aab5d5ead187
Depends-On: Id5f4c20abd40dd092558a711987953012d4ae67f
Story: 2006627
Task: 36839
2020-04-06 17:06:32 -07:00

7 lines
420 B
YAML
Raw Blame History

---
features:
- |
HTTPS-terminated listeners can now be individually configured with an OpenSSL cipher string.
The default cipher string for new listeners can be specified with ``default_tls_ciphers``
in ``octavia.conf``. The built-in default is OWASP's "Suite B" recommendation. (https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html)
Existing listeners will be unaffected.
View Git Blame Copy Permalink