openstack
/
openstack-ansible-os_barbican
Code Issues Proposed changes

Force force-tlsv12 only 

Secure by default

Depends-On: https://review.openstack.org/628979
Change-Id: I068876e37bb7c51dac074f98c8d163237dfe44e1
This commit is contained in:
Matthew Thode 2018-12-17 09:46:30 -06:00
parent 14aa370958
commit 84435d5bc0
No known key found for this signature in database
GPG Key ID: 64A37BEAAE19A4E8
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@ -176,7 +176,7 @@ barbican_ssl: false
barbican_ssl_cert: /etc/ssl/certs/barbican.pem
barbican_ssl_key: /etc/ssl/private/barbican.key
barbican_ssl_ca_cert: /etc/ssl/certs/barbican-ca.pem
barbican_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
barbican_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1.0 -TLSv1.1') }}"
barbican_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
# if using a self-signed certificate, set this to true to regenerate it

7
releasenotes/notes/tls12-only-2025a08207fd562e.yaml Normal file
View File

@ -0,0 +1,7 @@
---
security:
- |
The default TLS version has been set to TLS1.2. This only allows
version 1.2 of the protocol to be used when terminating or creating TLS
connections. You can change the value with the barbican_ssl_protocol
variable.