summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-04-18 15:40:08 +0000
committerGerrit Code Review <review@openstack.org>2017-04-18 15:40:08 +0000
commitdd4259fd8ad14f330795caafbe0f739e25323be2 (patch)
tree0cb29ff479bd3341868a31659161fabf5a36b8cf
parenta5abfc28aacc48afd70d428d2600c55de0a127c8 (diff)
parent7261e43577da1db39744c64ee0c37f2121182c1e (diff)
Merge "Exclude anonymous cipher suites from Cobbler SSL configuration"
-rw-r--r--deployment/puppet/cobbler/manifests/apache.pp2
-rw-r--r--deployment/puppet/cobbler/spec/classes/cobbler_apache_spec.rb3
2 files changed, 2 insertions, 3 deletions
diff --git a/deployment/puppet/cobbler/manifests/apache.pp b/deployment/puppet/cobbler/manifests/apache.pp
index 4bba28c..452b79b 100644
--- a/deployment/puppet/cobbler/manifests/apache.pp
+++ b/deployment/puppet/cobbler/manifests/apache.pp
@@ -60,7 +60,7 @@ class cobbler::apache {
60 ], 60 ],
61 custom_fragment => ' 61 custom_fragment => '
62 CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"', 62 CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"',
63 ssl_cipher => 'ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH', 63 ssl_cipher => 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS',
64 setenvif => ['User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'], 64 setenvif => ['User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'],
65 } 65 }
66} 66}
diff --git a/deployment/puppet/cobbler/spec/classes/cobbler_apache_spec.rb b/deployment/puppet/cobbler/spec/classes/cobbler_apache_spec.rb
index 2eacda1..699e0de 100644
--- a/deployment/puppet/cobbler/spec/classes/cobbler_apache_spec.rb
+++ b/deployment/puppet/cobbler/spec/classes/cobbler_apache_spec.rb
@@ -102,7 +102,7 @@ describe "cobbler::apache" do
102 :ssl_cert => "/var/lib/fuel/keys/master/cobbler/cobbler.crt", 102 :ssl_cert => "/var/lib/fuel/keys/master/cobbler/cobbler.crt",
103 :ssl_key => "/var/lib/fuel/keys/master/cobbler/cobbler.key", 103 :ssl_key => "/var/lib/fuel/keys/master/cobbler/cobbler.key",
104 :rewrites => ssl_rewrites, 104 :rewrites => ssl_rewrites,
105 :ssl_cipher => "ALL:!ADH:!EXPORT:!SSLv2:!MEDIUM:!LOW:+HIGH", 105 :ssl_cipher => "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS",
106 :setenvif => ["User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0"], 106 :setenvif => ["User-Agent \".*MSIE.*\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0"],
107 ) 107 )
108 end 108 end
@@ -119,4 +119,3 @@ describe "cobbler::apache" do
119 end 119 end
120 120
121end 121end
122