Add SSL Protocol and Cipher config to default vhost
Let's follow best practice and disable weak ciphers and protocols. Change-Id: I4f5075f3e23deebd93da2be8a6609c5e195924e5
This commit is contained in:
parent
aa77c29ad5
commit
a22ebefc02
|
@ -76,6 +76,8 @@ Alias /static /usr/share/openstack-dashboard/static
|
|||
ServerName {{ server.host.name }}
|
||||
|
||||
SSLEngine On
|
||||
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
||||
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
||||
SSLCertificateFile {{ server.certs_dir }}/{{ server.host.name }}.crt
|
||||
SSLCertificateKeyFile {{ server.private_dir }}/{{ server.host.name }}.key
|
||||
SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt
|
||||
|
|
Loading…
Reference in New Issue