openstack/openstack-ansible-haproxy_server
Code Issues Proposed changes

Disable SSLv3

Browse Source 
Add the 'ssl-default-bind-options no-sslv3' option to the
configuration file so that SSLv3 is not enabled.

Change-Id: I2d06189e61064d9af10bea1091fba31163331379
Closes-Bug: 1640560
This commit is contained in:
Kyle L. Henderson 2016-11-09 12:19:44 -06:00 committed by Jesse Pretorius (odyssey4me)
parent d7cc047f8d
commit 1716a70703
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
releasenotes/notes/disable-sslv3-303acdcc6b593180.yaml Normal file
View File

@ -0,0 +1,3 @@
---
fixes:
- SSLv3 is now disabled in the haproxy daemon configuration by default.

5
templates/haproxy.cfg.j2
View File

@ -10,7 +10,10 @@ global
maxconn 4096 maxconn 4096
tune.bufsize 384000 tune.bufsize 384000
stats socket /var/run/haproxy.stat level admin mode 600 stats socket /var/run/haproxy.stat level admin mode 600
{% if haproxy_ssl | bool %}tune.ssl.default-dh-param {{haproxy_ssl_dh_param}}{% endif %} {% if haproxy_ssl | bool %}
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param {{haproxy_ssl_dh_param}}
{% endif %}
defaults defaults
log global log global