summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorTimothy Chavez <timothy.chavez@hp.com>2014-10-16 11:37:17 -0500
committerTimothy Chavez <timothy.chavez@hp.com>2014-10-16 11:41:04 -0500
commit70b932652802b0483e497ddeb0b3e0ca5702c937 (patch)
tree15af5bf28c25b762bdbf01b73244ccfb4a51aa1e /templates
parent7e63b0ed571c56ba09d9f3031a0aea3f4fc43f6f (diff)
Use the SSLProtocol blacklist approach
It turns out that specifying the ciphers we want to use leads to breakage. So instead we'll explicitly tell Apache which ciphers we don't want to use. Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
Diffstat (limited to 'templates')
-rw-r--r--templates/vhost.erb2
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/vhost.erb b/templates/vhost.erb
index 17cc096..f021697 100644
--- a/templates/vhost.erb
+++ b/templates/vhost.erb
@@ -19,7 +19,7 @@
19 CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined 19 CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
20 20
21 SSLEngine on 21 SSLEngine on
22 SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 22 SSLProtocol All -SSLv2 -SSLv3
23 SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %> 23 SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
24 SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %> 24 SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
25<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %> 25<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>