Switch to TLSv1 as SSLv3 is considered insecure and is disabled by default
Rabbitmq won't talk to us anymore if we try to use SSLv3 as it disabled support for SSLv3. Openstack components use python's openssl implementation which does not support TLSv1.1 and TLSv1.2 yet so we just switch to TLSv1. Support for newer TLS should come with python 2.7.9+ Closes-Bug: #1409667 Change-Id: I00cfa06030b84ae23cb8548b74cf5684562377aa
This commit is contained in:
parent
a83673c3ba
commit
90247cf8cd
|
@ -53,7 +53,7 @@
|
|||
# (optional) SSL version to use (valid only if SSL enabled).
|
||||
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
|
||||
# available on some distributions.
|
||||
# Defaults to 'SSLv3'
|
||||
# Defaults to 'TLSv1'
|
||||
#
|
||||
# [*qpid_hostname*]
|
||||
# [*qpid_port*]
|
||||
|
@ -91,7 +91,7 @@ class ceilometer(
|
|||
$kombu_ssl_ca_certs = undef,
|
||||
$kombu_ssl_certfile = undef,
|
||||
$kombu_ssl_keyfile = undef,
|
||||
$kombu_ssl_version = 'SSLv3',
|
||||
$kombu_ssl_version = 'TLSv1',
|
||||
$qpid_hostname = 'localhost',
|
||||
$qpid_port = 5672,
|
||||
$qpid_username = 'guest',
|
||||
|
|
|
@ -252,7 +252,7 @@ describe 'ceilometer' do
|
|||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
|
||||
it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
|
||||
end
|
||||
|
||||
context "with SSL wrongly configured" do
|
||||
|
|
Loading…
Reference in New Issue