openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes

Merge "Remove 3DES from keystone_ssl_cipher_suite" into stable/ocata

This commit is contained in:
Jenkins 2017-02-10 12:29:02 +00:00 committed by Gerrit Code Review
parent 594605e19b ba542baeb5
commit c64c50abb3
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
defaults/main.yml
View File

@ -223,8 +223,8 @@ keystone_ssl: false
keystone_ssl_cert: /etc/ssl/certs/keystone.pem
keystone_ssl_key: /etc/ssl/private/keystone.key
keystone_ssl_ca_cert: /etc/ssl/certs/keystone-ca.pem
keystone_ssl_protocol: "{{ ssl_protocol|default('ALL -SSLv2 -SSLv3') }}"
keystone_ssl_cipher_suite: "{{ ssl_cipher_suite|default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS') }}"
keystone_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
keystone_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
# if using a self-signed certificate, set this to true to regenerate it
keystone_ssl_self_signed_regen: false