Add SSL Protocol and Cipher config to default vhost

Let's follow best practice and disable weak ciphers and protocols. Change-Id: I4f5075f3e23deebd93da2be8a6609c5e195924e5
2016-03-01 15:08:19 +01:00 · 2016-03-01 15:08:19 +01:00 · a22ebefc02
parent aa77c29ad5
commit a22ebefc02
1 changed files with 2 additions and 0 deletions
--- a/horizon/files/openstack-dashboard.conf.RedHat
+++ b/horizon/files/openstack-dashboard.conf.RedHat
@ -76,6 +76,8 @@ Alias /static /usr/share/openstack-dashboard/static
  ServerName {{ server.host.name }}

  SSLEngine On
+  SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
+  SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
  SSLCertificateFile {{ server.certs_dir }}/{{ server.host.name }}.crt
  SSLCertificateKeyFile {{ server.private_dir }}/{{ server.host.name }}.key
  SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt