tripleo

  1. Bug #1754368
  2. Comment #20

Comment 20 for bug 1754368

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-tripleo (stable/pike)

Reviewed: https://review.openstack.org/562961
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=c94340b812c6d4de21793b69edccdcf4796f69a6
Submitter: Zuul
Branch: stable/pike

commit c94340b812c6d4de21793b69edccdcf4796f69a6
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Apr 19 07:53:01 2018 +0000

    Force stunnel to use TLSv1.2

    This allows us to force a TLS version for stunnel, which we
    set to TLSv1.2. This ensures that we're compliant with FedRamp,
    which requires a minimum version of TLSv1.1.

    Unfortunately, using the "option" key didn't work in the configuration
    as was tried in a previous commit. This option would have only only
    disabled the versions we set, instead of only allowing one, like
    "sslVersions" does. This seems to be the only alternative we have at
    the moment.

    Related-Bug: #1754368
    Change-Id: I353f893ee5dcc265269704e23f65aa0460724078
    (cherry picked from commit a5561f0a1d48ff3364f6e1785000dd454bd57057)