openstack-ansible/tls_variables-991aec792d58eeb9.yaml at 59ec4725d73c565e91346d420eb70e0e1d9abd66 - openstack-ansible - OpenDev: Free Software Needs Free Tools

openstack/openstack-ansible

Andrew Bonney 0d74b74bfc Add defaults for TLS 1.3 and rename TLS <= 1.2 variable

TLS v1.3 uses different (incompatible) cipher suite names, so
a new variable is added to set these in roles which require them.

TLS v1.2 and below is still required, but the variable name is
changed to avoid confusion, whilst using the old name as a default
if set by a user deployment.

Change-Id: I9312daa7ca75e484f8aa3857fe43565c89e3f09a

2022-01-10 13:46:51 +00:00

11 lines

320 B

YAML

Raw Blame History

 ---
 features:
   - |
     A new 'ssl_cipher_suite_tls13' variable is added for global control of
     TLS v1.3 cipher suites.
 deprecations:
   - |
     The variable 'ssl_cipher_suite' is deprecated in favour of
     'ssl_cipher_suite_tls12' which will continue to manage configuration of
     ciphers for TLS v1.2 and earlier.