Force force-tlsv12 only
Secure by default Change-Id: I507a25114481ff0c6b229eeea980785a45dad460
This commit is contained in:
parent
7b27f7ba30
commit
05d9f6a032
@ -16,6 +16,6 @@
|
|||||||
## SSL
|
## SSL
|
||||||
# These do not need to be configured unless you're creating certificates for
|
# These do not need to be configured unless you're creating certificates for
|
||||||
# services running behind Apache (currently, Horizon and Keystone).
|
# services running behind Apache (currently, Horizon and Keystone).
|
||||||
ssl_protocol: "ALL -SSLv2 -SSLv3"
|
ssl_protocol: "ALL -SSLv2 -SSLv3 -TLSv1.0 -TLSv1.1"
|
||||||
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
||||||
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
|
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
|
||||||
|
6
releasenotes/notes/tls12-only-08825fd013f0a244.yaml
Normal file
6
releasenotes/notes/tls12-only-08825fd013f0a244.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
The default TLS version has been set to TLS1.2. This only allows
|
||||||
|
version 1.2 of the protocol to be used when terminating or creating TLS
|
||||||
|
connections. You can change the value with the ssl_protocol variable.
|
Loading…
Reference in New Issue
Block a user