Force force-tlsv12 only
Secure by default Depends-On: https://review.openstack.org/628979 Change-Id: I068876e37bb7c51dac074f98c8d163237dfe44e1
This commit is contained in:
parent
14aa370958
commit
84435d5bc0
|
@ -176,7 +176,7 @@ barbican_ssl: false
|
|||
barbican_ssl_cert: /etc/ssl/certs/barbican.pem
|
||||
barbican_ssl_key: /etc/ssl/private/barbican.key
|
||||
barbican_ssl_ca_cert: /etc/ssl/certs/barbican-ca.pem
|
||||
barbican_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
|
||||
barbican_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1.0 -TLSv1.1') }}"
|
||||
barbican_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
|
||||
|
||||
# if using a self-signed certificate, set this to true to regenerate it
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
The default TLS version has been set to TLS1.2. This only allows
|
||||
version 1.2 of the protocol to be used when terminating or creating TLS
|
||||
connections. You can change the value with the barbican_ssl_protocol
|
||||
variable.
|
Loading…
Reference in New Issue