From a22ebefc027cf96d5ece6823735b6630c13e2d1d Mon Sep 17 00:00:00 2001 From: Andreas Jaeger Date: Tue, 1 Mar 2016 15:08:19 +0100 Subject: [PATCH] Add SSL Protocol and Cipher config to default vhost Let's follow best practice and disable weak ciphers and protocols. Change-Id: I4f5075f3e23deebd93da2be8a6609c5e195924e5 --- horizon/files/openstack-dashboard.conf.RedHat | 2 ++ 1 file changed, 2 insertions(+) diff --git a/horizon/files/openstack-dashboard.conf.RedHat b/horizon/files/openstack-dashboard.conf.RedHat index 2a59194..1742bde 100644 --- a/horizon/files/openstack-dashboard.conf.RedHat +++ b/horizon/files/openstack-dashboard.conf.RedHat @@ -76,6 +76,8 @@ Alias /static /usr/share/openstack-dashboard/static ServerName {{ server.host.name }} SSLEngine On + SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 + SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile {{ server.certs_dir }}/{{ server.host.name }}.crt SSLCertificateKeyFile {{ server.private_dir }}/{{ server.host.name }}.key SSLCertificateChainFile {{ server.certs_dir }}/{{ server.ssl.authority }}-chain.crt