From 896b2c72cf0227cb672e86cad4ff184d8db7e98d Mon Sep 17 00:00:00 2001
From: Tom Jose Kalapura <tomjosekal@gmail.com>
Date: Tue, 28 Feb 2017 21:05:25 -0800
Subject: [PATCH] Use horizon_ssl_protocol variable

This fix help in overriding the required ssl_protocol. Enabling TLS 1.0 and
TLS 1.1 as it prone to TLS Supported Cipher Suites Vulnerability and
using TLSv1.2 will remediate this vulnerability.

Change-Id: I4f7541a1e8e24e38aa8b9dcd84171c380d04c3d8
---
 templates/openstack_dashboard.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/openstack_dashboard.conf.j2 b/templates/openstack_dashboard.conf.j2
index 88fb5d26..8ad1ab79 100644
--- a/templates/openstack_dashboard.conf.j2
+++ b/templates/openstack_dashboard.conf.j2
@@ -24,7 +24,7 @@
     SSLCACertificateFile  {{ horizon_ssl_ca_cert }}
     {% endif -%}
     SSLCompression Off
-    SSLProtocol All -SSLv2 -SSLv3
+    SSLProtocol {{ horizon_ssl_protocol }} 
     SSLHonorCipherOrder On
     SSLCipherSuite {{ horizon_ssl_cipher_suite }}
     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown