commit c94340b812c6d4de21793b69edccdcf4796f69a6
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Apr 19 07:53:01 2018 +0000
Force stunnel to use TLSv1.2
This allows us to force a TLS version for stunnel, which we
set to TLSv1.2. This ensures that we're compliant with FedRamp,
which requires a minimum version of TLSv1.1.
Unfortunately, using the "option" key didn't work in the configuration
as was tried in a previous commit. This option would have only only
disabled the versions we set, instead of only allowing one, like
"sslVersions" does. This seems to be the only alternative we have at
the moment.
Related-Bug: #1754368
Change-Id: I353f893ee5dcc265269704e23f65aa0460724078
(cherry picked from commit a5561f0a1d48ff3364f6e1785000dd454bd57057)
Reviewed: https:/ /review. openstack. org/562961 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=c94340b812c 6d4de21793b69ed ccdcf4796f69a6
Committed: https:/
Submitter: Zuul
Branch: stable/pike
commit c94340b812c6d4d e21793b69edccdc f4796f69a6
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Apr 19 07:53:01 2018 +0000
Force stunnel to use TLSv1.2
This allows us to force a TLS version for stunnel, which we
set to TLSv1.2. This ensures that we're compliant with FedRamp,
which requires a minimum version of TLSv1.1.
Unfortunately, using the "option" key didn't work in the configuration
as was tried in a previous commit. This option would have only only
disabled the versions we set, instead of only allowing one, like
"sslVersions" does. This seems to be the only alternative we have at
the moment.
Related-Bug: #1754368 65269704e23f65a a0460724078 364f6e1785000dd 454bd57057)
Change-Id: I353f893ee5dcc2
(cherry picked from commit a5561f0a1d48ff3