6aad5d8b9f
Add field tls_versions to listeners for restricting TLS versions used.

This is a list of versions to be used. Available values (as defined in octavia-lib): SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

Add default_listener_tls_versions in octavia.conf.

Note that at this time TLS 1.3 ciphersuites are not implemented, so any TLS 1.3 connections will use haproxy's default ciphers instead of what's specified by tls_ciphers.

Change-Id: Ic33d9b9a256490ae1b048cdfd2475d6340509fdb
Story: 2006733
Task: 37170
Task: 37169
15 lines
620 B
YAML
---
features:
  - |
    HTTPS-terminated listeners can now be configured to use only specified
    versions of TLS. Default TLS versions for new listeners can be set with
    ``default_listener_tls_versions`` in ``octavia.conf``. Existing listeners
    will continue to use the old defaults.
upgrade:
  - |
    HTTPS-terminated listeners will now only allow TLS1.2 and TLS1.3 by
    default. If no TLS versions are specified at listener create time, the
    listener will only accept TLS1.2 and TLS1.3 connections. Previously TLS
    listeners would accept any TLS version. Existing listeners will not be
    changed.
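Because existing listeners are not changed on upgrade, an operator may want to find the ones that still accept versions older than TLS 1.2. The following is an added example, not code from the Octavia project: it audits listener records exported as JSON. The sample records are constructed, and it assumes each record carries `id`, `protocol` and `tls_versions`, with a pre-upgrade listener showing an empty or null `tls_versions`.

```python
import json

# Values listed in the commit message (as defined in octavia-lib).
ALLOWED = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
# Default for new listeners after the upgrade, per the release note.
NEW_DEFAULT = {"TLSv1.2", "TLSv1.3"}

def audit_listener(listener):
    """Return an audit record for one listener, or None if TLS does not apply."""
    if listener.get("protocol") != "TERMINATED_HTTPS":
        return None  # tls_versions only matters for HTTPS-terminated listeners
    versions = listener.get("tls_versions") or []
    return {
        "id": listener["id"],
        # Assumption: no stored list means the old "any TLS version" behaviour.
        "unrestricted": not versions,
        "legacy": [v for v in ALLOWED if v in versions and v not in NEW_DEFAULT],
        "unknown": [v for v in versions if v not in ALLOWED],
        # TLS 1.3 connections ignore tls_ciphers and use haproxy's defaults.
        "tls13_uses_haproxy_ciphers": "TLSv1.3" in versions,
    }

def needs_attention(listeners):
    """Listeners that are unrestricted, allow legacy versions, or have bad values."""
    flagged = []
    for listener in listeners:
        result = audit_listener(listener)
        if result and (result["unrestricted"] or result["legacy"] or result["unknown"]):
            flagged.append(result)
    return flagged

# Constructed sample input, not real deployment data.
SAMPLE = json.loads("""[
  {"id": "a", "protocol": "TERMINATED_HTTPS", "tls_versions": ["TLSv1.2", "TLSv1.3"]},
  {"id": "b", "protocol": "TERMINATED_HTTPS", "tls_versions": ["TLSv1", "TLSv1.1", "TLSv1.2"]},
  {"id": "c", "protocol": "TERMINATED_HTTPS", "tls_versions": null},
  {"id": "d", "protocol": "HTTP", "tls_versions": []},
  {"id": "e", "protocol": "TERMINATED_HTTPS", "tls_versions": ["TLSv1.2", "TLS1.3"]}
]""")

if __name__ == "__main__":
    for finding in needs_attention(SAMPLE):
        print(finding)
```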