Merge "Disallow SSLv2, SSLv3 and TLS1.0 in httpd for FedRAMP compliance."

2018-04-20 13:59:45 +00:00 · 2018-04-20 13:59:45 +00:00 · 9adbefc722
commit 9adbefc722
parent 0bf8943f05 1b54e4b5a7
1 changed files with 1 additions and 0 deletions
--- a/puppet/services/apache.j2.yaml
+++ b/puppet/services/apache.j2.yaml
@ -104,6 +104,7 @@ outputs:
            -
              generate_service_certificates: true
              apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
+              apache::mod::ssl::ssl_protocol: ['all', '-SSLv2', '-SSLv3', '-TLSv1']
              tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
              tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
              apache_certificates_specs: