Disallow SSLv2, SSLv3 and TLS1.0 in httpd for FedRAMP compliance.
We now enforce TLS1.1 or higher for httpd connections, to meet the
requirements for FedRAMP.
Change-Id: If875822f1cb705d17405621e64fea2536edc142a
Related-Bug: #1754368
(cherry picked from commit 1b54e4b5a7)
parent 0a2692b6fe
commit 17be56bc19
|
@ -98,6 +98,7 @@ outputs:
|
|||
-
|
||||
generate_service_certificates: true
|
||||
apache::mod::ssl::ssl_ca: {get_param: InternalTLSCAFile}
|
||||
apache::mod::ssl::ssl_protocol: ['all', '-SSLv2', '-SSLv3', '-TLSv1']
|
||||
tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
|
||||
tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
|
||||
apache_certificates_specs:
|
||||
|
|
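Review bot: The added `apache::mod::ssl::ssl_protocol` value is a deny-list (`'all'` minus SSLv2, SSLv3 and TLSv1), so the set of protocols actually enabled depends on what the installed httpd/mod_ssl build treats as `all`, and TLSv1.1 remains enabled. An explicit allow-list such as `['-all', '+TLSv1.1', '+TLSv1.2']` would pin the result to the "TLS1.1 or higher" intent stated in the commit message and make later tightening a one-item change. The list is also hardcoded next to `ssl_ca`, which is fed from `get_param`; exposing it the same way through a template parameter would let operators raise the minimum without patching the template. A short comment on the line naming the compliance requirement, and a check that the rendered vhost carries the expected `SSLProtocol` directive, would make the change easier to audit.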