openstack/devstack
Code Issues Proposed changes

Switch TLS tests to TLSv1.2+ only

Browse Source 
This would more likely match a relevant production deployment.

Change-Id: I4ee2ff0c00a8e33fd069a782b32eed5fef62c01b
This commit is contained in:
Dirk Mueller 2019-07-14 22:33:13 +02:00
parent 46f05ea237
commit dc01a8ab63
3 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
files/apache-keystone.template
View File

@ -38,6 +38,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
%SSLLISTEN% %SSLENGINE% %SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE% %SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE% %SSLLISTEN% %SSLKEYFILE%
%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost> %SSLLISTEN%</VirtualHost>
Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public

1
files/apache-neutron.template
View File

@ -24,6 +24,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
%SSLLISTEN% %SSLENGINE% %SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE% %SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE% %SSLLISTEN% %SSLKEYFILE%
%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost> %SSLLISTEN%</VirtualHost>
Alias /networking %NEUTRON_BIN%/neutron-api Alias /networking %NEUTRON_BIN%/neutron-api

1
lib/tls
View File

@ -536,6 +536,7 @@ $listen_string
<VirtualHost $f_host:$f_port> <VirtualHost $f_host:$f_port>
SSLEngine On SSLEngine On
SSLCertificateFile $DEVSTACK_CERT SSLCertificateFile $DEVSTACK_CERT
SSLProtocol -all +TLSv1.3 +TLSv1.2
# Disable KeepAlive to fix bug #1630664 a.k.a the # Disable KeepAlive to fix bug #1630664 a.k.a the
# ('Connection aborted.', BadStatusLine("''",)) error # ('Connection aborted.', BadStatusLine("''",)) error