opendev/puppet-storyboard
Code Issues Proposed changes

Update SSLProtocol and SSLCipherSuite

Browse Source 
SSLv2 and SSLv3 should never be used. Update the protocol and cipher
suite lines to match the recommendations by the OpenStack Security team.
This includes opt-in to only TLS and strong ciphers.

Change-Id: I25168293cd822b2838252a71890e0c43b5a7b8f0
This commit is contained in:
Monty Taylor 2016-03-01 08:05:12 -06:00
parent 9d27b4e5d6
commit dc490e0e31
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
templates/storyboard_https.vhost.erb
View File

@ -26,6 +26,9 @@
SSLEngine on SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
SSLCertificateFile <%= scope.lookupvar("storyboard::cert::ssl_cert") %> SSLCertificateFile <%= scope.lookupvar("storyboard::cert::ssl_cert") %>
SSLCertificateKeyFile <%= scope.lookupvar("storyboard::cert::ssl_key") %> SSLCertificateKeyFile <%= scope.lookupvar("storyboard::cert::ssl_key") %>
<% if scope.lookupvar("storyboard::cert::resolved_ssl_ca") != :undef %> <% if scope.lookupvar("storyboard::cert::resolved_ssl_ca") != :undef %>