tripleo

  1. Bug #1754368
  2. Comment #19

Comment 19 for bug 1754368

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-tripleo (stable/queens)

Reviewed: https://review.openstack.org/562960
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=5b8e3e121b3f6cdfcc3c95fdc06ab41384b55a2c
Submitter: Zuul
Branch: stable/queens

commit 5b8e3e121b3f6cdfcc3c95fdc06ab41384b55a2c
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Apr 19 07:53:01 2018 +0000

    Force stunnel to use TLSv1.2

    This allows us to force a TLS version for stunnel, which we
    set to TLSv1.2. This ensures that we're compliant with FedRamp,
    which requires a minimum version of TLSv1.1.

    Unfortunately, using the "option" key didn't work in the configuration
    as was tried in a previous commit. This option would have only only
    disabled the versions we set, instead of only allowing one, like
    "sslVersions" does. This seems to be the only alternative we have at
    the moment.

    Related-Bug: #1754368
    Change-Id: I353f893ee5dcc265269704e23f65aa0460724078
    (cherry picked from commit a5561f0a1d48ff3364f6e1785000dd454bd57057)