TLSv1 and TLSv1.1 are still enabled
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Charm Helpers | Fix Released | Undecided | Nobuto Murata |
OpenStack Base Layer | Fix Released | Undecided | Nobuto Murata |
OpenStack Dashboard Charm | Fix Released | Undecided | Nobuto Murata |
OpenStack Keystone Charm | Fix Released | Undecided | Nobuto Murata |
Bug Description
According to the IETF RFC[0] and the OpenStack security guide[1], TLSv1 and TLSv1.1 are no longer recommended for TLS termination.
I'm now deploying OpenStack Queens for a customer, and the customer's requirement is to at least meet the configuration from Mozilla's SSL configuration generator with "Intermediate"[2], which is to disable SSLv3, TLSv1 and TLSv1.1.
For openstack-
[0] https:/
[1] https:/
[2] https:/
[3] https:/
[4] https:/
Changed in charm-helpers:
assignee: nobody → Nobuto Murata (nobuto)
Changed in charm-openstack-dashboard:
milestone: none → 20.08
Changed in charm-openstack-dashboard:
status: Fix Committed → Fix Released
Changed in layer-openstack:
assignee: nobody → Nobuto Murata (nobuto)
Changed in layer-openstack:
milestone: none → 20.10
Changed in layer-openstack:
status: Fix Committed → Fix Released
Changed in charm-keystone:
assignee: nobody → Nobuto Murata (nobuto)
Changed in charm-keystone:
status: New → In Progress
Changed in charm-keystone:
milestone: none → 21.04
status: Fix Committed → Fix Released
https://github.com/juju/charm-helpers/pull/485