Merge "Set default ssl protocols according to used webserver"

2018-09-10 09:34:31 +00:00 · 2018-09-10 09:34:31 +00:00 · 131cc11f69
parent 9f44cd0cf5 9174cf53b2
commit 131cc11f69
1 changed files with 1 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -244,7 +244,7 @@ keystone_ssl: false
 keystone_ssl_cert: /etc/ssl/certs/keystone.pem
 keystone_ssl_key: /etc/ssl/private/keystone.key
 keystone_ssl_ca_cert: /etc/ssl/certs/keystone-ca.pem
-keystone_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
+keystone_ssl_protocol: "{{ (keystone_web_server == 'nginx') | ternary('TLSv1 TLSv1.1 TLSv1.2', 'ALL -SSLv2 -SSLv3') }}"
 keystone_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"

 # if using a self-signed certificate, set this to true to regenerate it