Update SSLProtocol and SSLCipherSuite

SSLv2 and SSLv3 should never be used. Update the protocol and cipher
suite lines to match the recommendations by the OpenStack Security team.
This includes opt-in to only TLS and strong ciphers.

Change-Id: I25168293cd822b2838252a71890e0c43b5a7b8f0
This commit is contained in:
Monty Taylor 2016-03-01 08:05:12 -06:00
parent 9d27b4e5d6
commit dc490e0e31
1 changed files with 3 additions and 0 deletions

View File

@ -26,6 +26,9 @@
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
SSLCertificateFile <%= scope.lookupvar("storyboard::cert::ssl_cert") %>
SSLCertificateKeyFile <%= scope.lookupvar("storyboard::cert::ssl_key") %>
<% if scope.lookupvar("storyboard::cert::resolved_ssl_ca") != :undef %>