Disallow SSLv2, SSLv3 and TLS1.0 in httpd for FedRAMP compliance.
We now enforce TLS1.1 or higher for httpd connections, to meet the requirements for FedRAMP. Change-Id: If875822f1cb705d17405621e64fea2536edc142a Related-Bug: #1754368
parent
628cd0e390
commit
1b54e4b5a7
@ -104,6 +104,7 @@ outputs:
|
|||||||
-
|
-
|
||||||
generate_service_certificates: true
|
generate_service_certificates: true
|
||||||
apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
|
apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
|
||||||
|
apache::mod::ssl::ssl_protocol: ['all', '-SSLv2', '-SSLv3', '-TLSv1']
|
||||||
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
|
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
|
||||||
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
|
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
|
||||||
apache_certificates_specs:
|
apache_certificates_specs:
|
||||||
|
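Review bot: The added `apache::mod::ssl::ssl_protocol` value still leaves TLS 1.1 negotiable, because it starts from `all` and subtracts only SSLv2, SSLv3 and TLSv1. That matches the commit message, but RFC 8996 deprecates TLS 1.1 together with TLS 1.0, so if every client of these httpd endpoints can speak TLS 1.2 I would use `apache::mod::ssl::ssl_protocol: ['all', '-SSLv2', '-SSLv3', '-TLSv1', '-TLSv1.1']`. The key sits beside the `InternalTLSCAFile` and certmonger settings, so it presumably takes effect only where that block is applied; the enclosing structure starts outside the hunk, so it is worth confirming that httpd listeners configured elsewhere get the same restriction. A short comment above the key, such as `# FedRAMP: legacy SSL/TLS protocol versions disabled (Related-Bug #1754368)`, would keep the reason next to the setting.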