openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes

Set default ssl protocols according to used webserver 

keystone currently uses two different webservers, depending on the
setup. Set the default ssl protocols accordingly.

Change-Id: If79fdb8d7bf0333bbcc24c42c5d7dc20476f9d64
Closes-Bug: 1770564
This commit is contained in:
Christian Zunker 2018-05-11 08:00:38 +02:00
parent 473e2d3629
commit 9174cf53b2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@ -217,7 +217,7 @@ keystone_ssl: false
keystone_ssl_cert: /etc/ssl/certs/keystone.pem
keystone_ssl_key: /etc/ssl/private/keystone.key
keystone_ssl_ca_cert: /etc/ssl/certs/keystone-ca.pem
keystone_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
keystone_ssl_protocol: "{{ (keystone_web_server == 'nginx') | ternary('TLSv1 TLSv1.1 TLSv1.2', 'ALL -SSLv2 -SSLv3') }}"
keystone_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
# if using a self-signed certificate, set this to true to regenerate it